GRC Analyst – Information Security - FTSE 100 Market Leader
GRC Analyst with a focus on infosec governance, risk and compliance required by a market leading brand. The information security analyst will assist in establishing and monitoring the corporate information security policy, standards, procedures, guidelines, internal controls and business continuity to ensure critical Information is protected, in alignment to Cyber Security best practice and data protection regulation.
This role requires a particular knowledge around PCI DSS, and ideally my client is looking for an individual who has worked to help an organisation achieve PCI DSS compliance working with 3rd party experts.
The focus of this role will be to represent information security being able to interpret technical design and how information security best practices should be applied. Also be able to lead with incident management investigations and conduct risk and vulnerability assessments where appropriate.
Key Accountabilities & Responsibilities
Role Accountabilities
* Conduct risk and vulnerability assessments to identify and mitigate security risks
* Represent information security within projects ensure best practice is adhered to.
* Coordinate across departments to ensure risk is managed through compressive security measures and polices
* Incident response and management – lead and participate in complex incident investigations
* Develop and maintain cyber incident response plans and playbooks.
* Conduct post-incident reviews and implement lessons learnt to improve the organisation’s security posture
Requirements:
* Either Technical Operations Security experience with an interest to work within a governance role or experience working in a Security Governance role
* Ability to assess system controls based on a documented standard
* Will be able to demonstrate ability in problem analysis and resolution
* Strong communication skills to be able to influence best practice at all levels of the organisation, with the ability to explain technical problems to non-technical business stakeholders at all levels
* Ability to build effective relationships to influence and negotiate business outcomes
* Experience of working with and presenting findings to Senior Stakeholders
* Hold recognised Cyber Security qualification (CISA, CISMP, CISM or equivalent).
* Knowledge of industry related frameworks such as ISO27001, PCI DSS
This role is based in Northampton and is a hybrid position with on average 2 days a week on-site.
The salary is between £50-£60k + Bonus + Package.