Job for GRC Analyst
Job Overview:The Our Client Technology and Cyber Security Risk Analyst will be working closely with Our Client business stakeholders, customers, and suppliers to identify and understand risk so it can be effectively managed through ServiceNow’s IRM module. You will have previous experience in transforming a GRC department and be able to directly transform current services as well as support business as usual activity. This is a global role with responsibility for responding to information security needs across the entire Our Client corporation.An ideal candidate will have a demonstrated ability to drive security risk change, compliance, and business outcomes, can present security practices to business stakeholders, customers and suppliers, is detail oriented and able to operate effectively under pressure.Responsibilities:· Support internal and external stakeholders on matters of risk assessments and framework requirements (working knowledge of NIST CSF, 800-53). Ensuring security and compliance requirements are understood by those stakeholders· Driving transformational change to the Technology and Security Risk program as it evolves to meet changing organizational and regulatory needs. · Help build and maintain an effective third party risk assessment program· Perform supplier risk assessments, contract reviews, respond to customer security questionnaires and establish that Our Client security and compliance requirements are understood.· Develops tactical and trusted relationships within business stakeholders, partners and vendors. Awareness of project management techniques, while having the ability to support meetings when required.· Ability to present clear, consistent information and professional risk reporting to directorate and executive to highlight highest priority risks and their treatment plans. · Work directly with internal business partners to assist in the identification and assessment of potential security risks, establish risk owners, ratings, and management action plans· Develop Standard Operating Procedures (SOP) to document procedures for risk assessments, third party assessments, and business process workflows for Security Governance, Risk, and Compliance· Document recommendations and implementation of corrective action plans to remediate issues for identified deficiencies. Monitor the progress of plans for on time completion· Counsel and guide business partners in identifying risks and potential risk mitigation alternatives commensurate with the risk identified and consistent with risk appetiteUtilizing working knowledge of IRM (Integrated Risk Management) of ServiceNow to build GRC processes within it.· Ensure that fundamental information on accountable technology is accurate (e.g. KB Articles / process maps / training documents and presentations / RACI / Contract information).· Identify problems that cause negative impact to Our Client or the team and help to create solutions.· Provide on-the-job training and peer review to team members· Feed recommendations into strategic plansRequired Skills and Experience :· Security qualifications. i.e., CISSP, CISM.· Work directly with technology, and business partners to assess security risk controls to ensure data is adequately safeguarded· Experience in conducting internal security assessments and reviews· Experience in articulating and documenting information security risks· Customer driven; help bring the voice of customer into every technical decision.· Influencing the security agenda across a large enterprise.· Experience with security and privacy controls deployed in large enterprise and cloud environments· Able to independently solve straightforward problems by investigating fully and provide recommended solutions for more sophisticated problems.· A driven demeanour will thrive at Our Client. Proactive mentality is a must.· Ability to clearly communicate information security concepts and complex technical topics to a wide audience of both technical and non-technical personnel (business leaders, auditors, legal staff, engineers)· Execution oriented with an ability to manage multiple projects simultaneously with a focus on outcomes driving impact· Ability to effectively work and collaborate with technical and non-technical resources.· Demonstrates the ability to manage and prioritize multiple projects simultaneously and adapt to rapidly changing schedules, priorities, and workflows.· Attention to detail, ability to multi-task and maintain composure when under pressure· Agile, self-starter and can prioritize quickly and effectively. Contributes through the quality, accuracy and timeliness of the tasks/services provided by self, and quality control of work provided by others.“Nice To Have” Skills and Experience :· Hands on experience implementing security within public cloud services (AWS, Azure, Google)· Good familiarity with other Enterprise Security organization (can identify which team fulfils which roles) and a Solid understanding of ITIL processes.· Experience working in a security role focused on technical controls, services and procedures. · Demonstrates a good understanding of the variety of technical security control concepts, procedures and systems (e.g., Email Security, AV, EDR, Firewalls).· Experience with Configuration Management Database (CMDB)· Strong familiarity with security standards, and audit requirements including NIST CSF, 800-53, ISO 27001, PCI DSS, and SOC 2 Type 2 reports
In Return:Our Client is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We are a diverse organization of dedicated and innovative individuals, and don’t discriminate on the basis of any characteristic
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career.
# 4598870