Job Overview:
The GRC Risk Analyst will be responsible for identifying, analysing and influencing the management of Enterprise IT (EIT) and Enterprise Security (ES) risks.
Responsibilities:
1. Support internal and external partners on matters of risk assessments, security controls, and framework requirements, ensuring security and compliance requirements are understood.
2. Coordinate EIT responses to regulatory inquiries and audits, ensuring Arm is compliant.
3. Support EIT business continuity management (BCM) needs, operationalizing and assuring a capability of safeguarding our services and operations in the face of disruption and disaster, and maturing this capability to become operationally resilient.
4. Ensure continuity and recovery plans are detailed, approved, tested, and maintained by asset owners and custodians.
5. Develop tactical and positive relationships within the business, partners, and vendors.
6. Develop Standard Operating Procedures (SOP) to detail procedures for risk assessments, third-party assessments, and business process workflows for Security Governance, Risk, Resilience, and Compliance.
7. Ensure that fundamental information on accountable technology is accurate (e.g., KB Articles, process maps, training documents, presentations, RACI, contract information).
8. Identify and raise risks, threats, and vulnerabilities of technology security matters, working with risk owners to shepherd the risks to conclusion where possible.
Required Skills and Experience:
1. Experience in conducting internal security assessments and reviews, articulating and documenting information security risks.
2. Strong familiarity with security standards and audit requirements including NIST CSF, 800-53, ISO 27001, PCI DSS, and SOC 2 Type 2 reports.
3. BCM programme governance: the development and maintenance of a strategy and enabling governance framework, ideally ISO 22301 aligned.
4. Interpersonal skills required to interact effectively within the Enterprise Security group, customers, and vendors at a tactical level.
5. Agile, self-starter who can prioritize quickly and effectively, contributing through the quality, accuracy, and timeliness of tasks/services provided by self and quality control of work provided by others.
“Nice To Have” Skills and Experience:
1. Hands-on experience implementing security within public cloud services (AWS, Azure, Google).
2. Demonstrates a good understanding of the variety of technical security control concepts, procedures, and systems (e.g., Email Security, AV, EDR, Firewalls).
3. Security qualifications, e.g., CISSP, CISM.
4. Good familiarity with other Enterprise Security organizations and a solid grasp of ITIL processes.
In Return:
You will be a key person to help our leaders focus on the risk that truly matters. This is a global role with responsibility for responding to information security needs across the entire Arm corporation!