Role: GRC Analyst
Responsibilities:
* Maintain compliance with information security frameworks, standards, and ISO 27001.
* Provide expert advice on information security controls and systems.
* Develop and maintain security documentation and policies.
* Provide input into Business Continuity/Disaster Recovery strategies (ISO 27001, ISO 22301).
* Plan and implement security training and awareness programs.
* Manage security incidents and conduct reviews/audits.
* Lead internal and external security audits.
* Maintain the security risk register and write risk assessments.
* Ensure effective vulnerability management.
* Engage with external stakeholders on security requirements.
Requirements:
* Minimum 3 years in Information Security.
* CISM or equivalent; CompTIA Security+ Certification.
* Experience with ISO 27001 (preferably certified).
* Knowledge of HMG security requirements.
* Experience in technical information security.
* Experience with ISMS and Business Continuity/Disaster Recovery (ISO 22301).
* ITIL security management knowledge.
* Understanding of risk management lifecycle.
* Ability to gain HMG SC clearance.
Benefits:
* Competitive salary and benefits package.
* Opportunities for career development and advancement within the company.
* 1 day per week in the office.