Our client is a data software vendor going through hyper-growth and already a unicorn. As part of the ongoing commitment to improving the security of both the product range and overall business practices, we are supporting the hire of a Senior GRC Analyst to work directly with the Head of. Experience in SaaS companies is vital, including protecting cloud native environments.
What you will be doing
Take a leading role in the development of existing and creation of new policies and procedures that constitute ISMS to help make security policy more accessible and understandable for various colleagues
Contribute towards monthly security governance meetings through the submission of security metrics, and collaborate on preparation of the Governance meeting pack
Manage the communication across the business, to ensure policies are well socialised and awareness is maintained
Collaboratively work with teams across the business to help develop a clear understanding of the policies and information needed
Formally track, review and reassess all exceptions to security policy which may arise within the business
Support GRC Team commitments in Customer enquiries in relation to information security and data privacy
Support external audits conducted in support of key information security certifications (SOC2, ISO27001, HIPAA)
Drive continuous internal compliance efforts against said information security certifications through the design and execution of compliance audit procedures
Provide guidance and consultative engagement with the business relating to security and privacy compliance
Keep abreast of new developments in the Information Security and Data Privacy compliance and regulatory landscape
Evaluate security incidents for violations of company policy and/or privacy principles and, where found, ensure that corrective action is taken to prevent further instances
Support the implementation and execution of a Vendor risk management program
Research novel approaches to ISMS and policy management frameworks
Investigate new technologies and emerging industry practices which can help scale the function
Optimise the GRC function through use of automation, in-house, commercial and open source solutions
What we are looking for
Practical experience of developing, publishing and maintaining information security policies, standards and guidelines
Experience in establishing Information Security Governance programmes in a startup environment
Significant knowledge and experience with legal and regulatory compliance standards such as ISO27001, PCI-DSS, SOX, GDPR, HIPAA, CCPA, etc.
Excellent written and oral communication skills
Strong understanding of fundamental information security concepts and technologies
Experience within a cloud first business environment
CISSP, CISM, CISA, or other relevant security-related designation
Bachelor's degree or equivalent work experience
Clear, demonstrable commitment to the Information Security Community
Experience in Agile delivery environments
Experience with risk management in both a compliance and security context