GRC Analyst - Information Security - FTSE 100
This range is provided by Ventula Consulting. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Base pay range
GRC Analyst – Information Security - FTSE 100 Market Leader
GRC Analyst with a focus on infosec governance, risk and compliance required by a market leading retail brand. The information security analyst will assist in establishing and monitoring the corporate information security policy, standards, procedures, guidelines, internal controls and business continuity to ensure critical Information is protected, in alignment to Cyber Security best practice and data protection regulation.
This role requires a particular knowledge around PCI DSS, and ideally my client is looking for an individual who has worked to help an organisation achieve PCI DSS compliance working with 3rd party experts.
The focus of this role will be to represent information security being able to interpret technical design and how information security best practices should be applied. Also be able to lead with incident management investigations and conduct risk and vulnerability assessments where appropriate.
Key Accountabilities & Responsibilities
Role Accountabilities
* Conduct risk and vulnerability assessments to identify and mitigate security risks.
* Represent information security within projects to ensure best practice is adhered to.
* Coordinate across departments to ensure risk is managed through comprehensive security measures and policies.
* Incident response and management – lead and participate in complex incident investigations.
* Develop and maintain cyber incident response plans and playbooks.
* Conduct post-incident reviews and implement lessons learned to improve the organisation’s security posture.
Requirements:
* Either Technical Operations Security experience with an interest to work within a governance role or experience working in a Security Governance role.
* Ability to assess system controls based on a documented standard.
* Demonstrated ability in problem analysis and resolution.
* Strong communication skills to influence best practice at all levels of the organisation, with the ability to explain technical problems to non-technical business stakeholders.
* Ability to build effective relationships to influence and negotiate business outcomes.
* Experience of working with and presenting findings to Senior Stakeholders.
* Hold recognised Cyber Security qualification (CISA, CISMP, CISM or equivalent).
* Knowledge of industry related frameworks such as ISO27001, PCI DSS.
This role is based in Northampton and is a hybrid position with an average of 3 days a week on-site.
The salary is between £50-£60k + Bonus + Package.
Seniority level
Associate
Employment type
Full-time
Job function
Information Technology and Analyst
Industries
Information Services and Technology, Information and Media
#J-18808-Ljbffr