Governance, Risk and Compliance (GRC) Analyst - ISO27001 - SOX - Audit

Kingston-Upon-Thames, Surrey (3 days per week in the office)

My client, a successful UK based company are looking for a GRC Analyst to join them on a permanent basis.

Working in a small Information Security team this responsible role involves supporting the operation, maintenance and maturity of the Information Security program.

Duties and responsibilities will include:

• Ensuring the protection of information assets and technologies
• Contribution to completion of security related audits such as ISO27001, ISO27017, NIST-CSF, IASME Governance, SOX
• Conduct and document internal audits
• Manage Third Party Risk Management (TPRM) including vendor security programme reviews,
• Contribution to Subject Access Request and eDiscovery processes

You will need:

• Extensive Information Security Governance, Risk and Compliance (GRC) experience as well as InfoSec Operations experience
• Experience contributing to an Information Security Management System (ISMS) certified to ISO27001 standards
• Good knowledge of the Cyber Essentials Plus Scheme as well as UK & EU General Data Protection Regulation (GDPR) and the Data Protection Act (2018)
• The ability to work autonomously and as part of a team, excellent communication skills

Advantageous certifications

• ISO/IEC 27001 Lead Implementer
• ISO/IEC 27001 Internal Auditor
• Security+
• CISM / CISSP

This is an excellent opportunity within a stable organisation dedicated to IT Security.

Governance, Risk and Compliance (GRC) Analyst - ISO27001 - SOX - Audit

Kingston-Upon-Thames, Surrey (3 days per week in the office)