Senior GRC Analyst

Our client is a data software vendor going through hyper-growth and already a unicorn. As part of the ongoing commitment to improving the security of both the product range and overall business practices, we are supporting the hire of a Senior GRC Analyst to work directly with the Head of. Experience in SaaS companies is vital, including protecting cloud native environments.

What you will be doing

Governance

• Take a leading role in the development of existing and creation of new policies and procedures that constitute ISMS to help make security policy more accessible and understandable for various colleagues

• Contribute towards monthly security governance meetings by the submission of security metrics and collaborate on Governance meeting pack preparation work

• Manage the communication across the business, to ensure policies are well socialised and awareness is maintained

• Collaboratively work with teams across the business to help develop a clear understanding of the policies and information needed

• Formally track, review and reassess all exceptions to security policy which may arise within the business.

Compliance

• Support GRC Team commitments in Customer enquiries in relation to information security and data privacy

• Support external audits conducted in support of key information security certifications (SOC2, ISO27001, HIPAA)

• Drive continuous internal compliance efforts against said information security certifications through the design and execution of compliance audit procedures

• Provide guidance and consultative engagement with the business relating to security and privacy compliance

• Keep abreast of new developments in the Information Security and Data Privacy compliance and regulatory landscape

• Evaluate security incidents for violations of company policy and or privacy principles and where found ensure that corrective action is taken to prevent further instances

• Support the implementation and execution of a Vendor risk management program

Innovation

• Research novel approaches to ISMS and policy management frameworks

• Investigate new technologies and emerging industry practices which can help scale the function

• Optimise the GRC function through use of automation, in-house, commercial and open source solutions

What we are looking for

• Practical experience of developing, publishing and maintaining information security policies, standards and guidelines

• Experience in establishing Information Security Governance programmes in a startup environment

• Significant knowledge and experience with legal and regulatory compliance standards such as ISO27001, PCI-DSS, SOX, GDPR, HIPAA, CaCPA, etc.

• Excellent written and oral communication skills

• Strong understanding of fundamental information security concepts and technologies.

Desirable

• Experience within a cloud first business environment

• CISSP, CISM, CISA, or other relevant security-related designation

• Bachelor's degree or equivalent work experience

• Clear, demonstrable commitment to the Information Security Community

• Experience in Agile delivery environments

• Experience with risk management in both a compliance and security context