Role: GRC Analyst - Location: London - Salary: £55,000+
Are you an ambitious InfoSec analyst looking for a new challenge? A reputable Financial Services company is looking for a GRC analyst to join the dedicated Information Security team in London. The GRC Analyst role requires a strong understanding of security controls with the ability to effectively assess and communicate technical security requirements to teams across the firm. You will support cybersecurity-related initiatives as required.
• Demonstrated expertise in implementing risk frameworks and applying risk management principles.
• Ensure continuous alignment with business strategy through oversight of the IT General Controls framework activities and processes.
• Work with multiple process owners and risk leads to perform gap analysis and risk assessments to propose strategies on risk remediation.
• Support the wider GRC function, such as 3rd-party risk and supplier due diligence.
• Regular reporting on GRC key risk and key performance indicators, including regular review of remediation activities.
• Engaging with stakeholders across the business, including learning and development teams and senior stakeholders, to define and communicate key cyber security culture and awareness training.
• Support teams on the provision of evidence and communication with auditors.
• Work to ensure risks are managed within risk appetite and findings are closed within an agreed timeframe.
• Support alignment and reviews of our maturity against security frameworks as agreed with the CISO, such as NIST CSF and ISO 27001.
• Broad and solid understanding of cyber security concepts and risks.
• Strong familiarity with industry frameworks such as ISO standards, NIST, and SOC reports.
• Demonstrable knowledge in the assessment of third-party suppliers.
• Experience in drafting security policies and procedures.
• Strong analytical thinking, written, and oral communication skills.
• Effective communication skills, both written and verbal.
• Ability to plan, take ownership, organise and follow through on assigned tasks and complete with little or no prompting from management.
Locke & McCloud are the UK’s leading cyber security & information security staffing company – through having a sole focus on the cyber & information security space we have been able to foster solid relationships with some of the UK’s most exciting cyber security consultancies & end users. Our focus on the information security space allows us to be able to help you find the most exciting opportunities in the cyber security market. If you are on the lookout for your next cyber security or information security role, please get in touch.