GRC Analyst
Permanent opportunity CIRCA £75 000
Onsite 3 days a week in Helensburgh, with 2 days remote.
SC or DV clearance required.
Exciting opportunity working for a leading organization in the field of cybersecurity, dedicated to safeguarding digital assets and infrastructure within Governmental sector. Due to significant success, the company is rapidly expanding and seeking a new Consultant to lead client engagement in Helensburgh.
ABOUT THE ROLE
As a GRC Analyst, you will play a key role in guiding the implementation and governance of information security and compliance frameworks across our teams, particularly in alignment with MoD standards. Your expertise in Information Security Management Systems (ISMS), SharePoint, and MOD requirements, including NIST Special Publication 800-37, will be critical in assessing, establishing, and monitoring compliance across various projects.
Your responsibilities will include assessing project requirements, developing and standardizing policies, advising teams on Security by Design (SBD) practices, and ensuring each project complies with security protocols. As part of of this role, you will work alongside security teams, coordinating with Directors and Senior Project Managers to tailor and communicate security policies for different project contexts.
WHAT WILL YOU DO?
Policy and Framework Development: Design and develop templates for information security policies, ensuring alignment with NIST 800-37 and MoD guidelines. Update and draft policies for ISMS, SharePoint, and other systems as needed.
Security by Design (SBD): Assess projects to determine if SBD applies and support teams in implementing necessary security controls.
Compliance Monitoring: Track assessments, updating an internal system to support real-time monitoring of compliance across teams.
Team Education and Guidance: Conduct briefings and F2F meetings with directors, project managers, and security teams to establish clear security processes and policies for each project. Guide and educate teams to ensure compliance.
Risk Assessment and Management: Review and enhance risk assessment processes. Document findings, implement control measures, and maintain current guidelines and risk documentation.
Continuous Improvement: Monitor updates to compliance regulations, support the transition to a maintenance level post-implementation, and ensure all policies remain relevant and actionable across teams.
Stakeholder Engagement: Work closely with contractors and other relevant personnel, balancing hands-on work with guidance across the organization.
WHAT EXPERIENCE YOU WILL NEED TO BE SUCCESFUL?
* Current or Active Security Clearance
* Proven experience in Information Security, GRC within Defence or Military or MOD-aligned environments.
* Experience with security assessments and alignment to NIST 800-37
* Awareness of Security by Design (SBD) principles.
* Hands-on experience with ISMS, SharePoint, and policy drafting/implementation.
* Ability to work collaboratively with various Security Teams, senior stakeholders to communicate the changes and polices required.
* Strong understanding of risk management processes, including risk assessment and mitigation documentation.
For immediate consideration and more information, apply today.