GRC Information Security Analyst
identifi Global Resources
Job details
GRC Information Security Analyst
Hybrid with 2 days onsite in Hertfordshire office per week
£50 000 - £60 000
Excellent Benefits

About the company:
Global Technology powerhouse pioneering the future of transport & logistics through disruptive innovation and automation. They create world-class systems at the intersection of robotics and IoT, cloud platforms, big data, machine learning, software development, and beyond. They are well known for developing artificial intelligence, robotics, big data, the cloud and IoT. They are taking advantage of their cutting-edge technology and innovative software. They are a fast-growing company with 7 development centres across the UK and Europe.

What you will be doing:
As the Information Security Analyst you will be supporting the InfoSec GRC team in all aspects of information security across the whole organisation, including overall information security governance, compliance programs, third-party vendor risk management, education, and Vendor Risk Management tool administration. This role is not a technical hands-on role, but would suit an individual with a technical background, having worked with a range of technology and security tools, who is now looking for an information security GRC role.

You'll be working on things like:
- Contributing to the creation and refreshment of information security documents, policies, processes and procedures.
- Working with business stakeholders and project teams to understand, scope and define security requirements.
- Assisting in developing control testing strategies, to ensure our security controls are meeting their objectives.
- Performing internal security and vendor risk assessments.
- Supporting the Information Security teams and Business functions in maintaining security attestations, which include PCI DSS and SSAE18/SOC 2.
- Providing effective reporting to the Head of Information Security Governance of trends, audit findings and risk ratings.
- Performing internal and third-party vendor risk assessments, and writing risk assessment reports.

What we're looking for:
- Experience in an Information Security GRC related role.
- Experience in writing Information Security related Policies, Processes and Procedures
- Knowledge of Vendor Risk Management tools such as OneTrust
- Experience with current information security standards, frameworks and regulations such as ISO27001, NIST, SSAE18/SOC 2, PCI-DSS, GDPR.
- Third-Party Vendor Risk Management experience (SOC 2 Type)

Not required, but nice to have:
Any of the following: CISA, CRISC, or CISM certifications

Role comes with a great benefit package, some to mention:
- ‘work from anywhere’ policy Remote working for the month of August
- 25 days annual leave, rising to 27 days after 5 years' service (plus optional holiday purchase)
- Pension scheme with employer contribution matching up to 7%
- Private Medical Insurance
- Opportunity to participate in Share save and Buy as You Earn share schemes
- Income Protection (can be up to 50% of salary for 3 years) and Life Assurance (3 x annual salary)