GRC Analyst – Information Security - FTSE 100 Market Leader
This range is provided by Ventula Consulting. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
We are seeking a GRC Analyst with a focus on infosec governance, risk, and compliance for a market-leading brand. The successful candidate will assist in establishing and monitoring the corporate information security policy, standards, procedures, guidelines, internal controls, and business continuity plans to ensure critical information is protected in line with cybersecurity best practices and data protection regulations.
The ideal candidate will have specific knowledge of PCI DSS, and experience helping organizations achieve PCI DSS compliance, ideally working with third-party experts.
The role requires the ability to interpret technical designs, apply information security best practices, lead incident investigations, and conduct risk and vulnerability assessments as needed.
Key Accountabilities & Responsibilities
* Conduct risk and vulnerability assessments to identify and mitigate security risks.
* Represent information security in projects, ensuring adherence to best practices.
* Coordinate across departments to manage risks through comprehensive security measures and policies.
* Lead and participate in complex incident investigations.
* Develop and maintain cyber incident response plans and playbooks.
* Conduct post-incident reviews and implement lessons learned to enhance security posture.
Requirements:
* Experience in technical operations security or security governance roles.
* Ability to assess system controls based on documented standards.
* Strong problem analysis and resolution skills.
* Excellent communication skills to influence and explain technical issues to non-technical stakeholders.
* Ability to build relationships and negotiate effectively.
* Experience presenting findings to senior stakeholders.
* Recognized cybersecurity qualifications such as CISA, CISMP, CISM, or equivalent.
* Knowledge of industry frameworks like ISO 27001 and PCI DSS.
This role is based in Northampton and follows a hybrid working model, averaging 2 days on-site per week.
The salary range is £50,000 to £60,000 plus bonus and benefits.
Seniority level
* Mid-Senior level
Employment type
* Full-time
Job function
* Information Technology and Analysis
Industries
* Retail, Information Services, Technology, Media