Our client, a leading Insurance organisation, is looking for Governance, Risk & Compliance Analyst to join their team.
This is a contract position based in Guildford running for an initial 3 months.
The Information Security Governance, Risk and Compliance (GRC) team has the responsibility for oversight of ensuring alignment and adherence to the Information Security Framework, and the regulatory and legal requirements.
This analyst role will support this mandate by providing information assurance reviews, risk analysis and governance functions supporting all business areas within the company. With relevant training and mentoring you will be seen to become a subject matter expert in GRC, mentoring and educating other team members in your skill areas.
This role would be suitable for someone with an analytical mind and good customer interfacing skills. The role is not specifically technology focused, but a fundamental understanding of application design, networking infrastructure, database design, system analysis, or any computer science related discipline would be very beneficial.
This position is more aligned with 2nd Line of Defence - there is a separate team within the business whose focus is predominantly Information Security, Analysis and 1st Line of Defence (managing logs etc).
- Assist in compliance activities including PCI DSS & ISO27001
- Assist in assessing emerging threats and developing strategies based on these threats
- Create, disseminate and update Governance, Risk and Compliance documentation
- Assist in the Information Security auditing process
- Promoting Information Security awareness and training initiatives
- Review and analyse compliance activities and report to the Information Security Manager
- Develop relationships with business and IT managers to support enterprise objectives, influence key stakeholders and jointly develop Information Security GRC strategies
- Assist where necessary in the annual review and update of all Information Security standards and policies in the Group Information Security Framework
- Assist in providing a Governance framework to ensure that the client remains compliant with Group policies and best practice guidelines
- Monitor, analyse and report on information security based management metrics
- Help in compiling Information Security scorecard's and MI/Metrics
- Varied expertise around Governance, Risk and Compliance
- Good understanding of risk assessments
- Experience dealing with offshore third party complex support and infrastructure
- Customer facing experience
- Audit reviews and remediation monitoring
- Experience of PCI DSS & ISO would be beneficial
- Financial Services background would be a huge advantage
- MI experience is highly desirable
At least one of the following certifications is highly desirable:
- ISO 27001:2013
Interested candidates should submit their CV in the first instance. For more information please contact Gemma Grayson on 0161 924 3949.