Security GRC Analyst

The Audit & Risk Recruitment Company are working with a FTSE 100 Retail and Food business to support them in finding a Security GRC specialist.

The Security GRC Analyst will support the Senior Security GRC Manager in defining and maintain information security policy set for the group. The GRC Analyst will provide support, advice and guidance to help businesses to achieve their risk and compliance objectives. They will support the group iniatives to help businesses address common areas of risk and avoid duplication of effort. This will include, but is not limited to:

• Third party risk assurance -Identifying and assessing third party connections against the company information security policies.
• Unstructured data -Developing approach and framework to support businesses identify and manage unstructured personal data, including the adoption of new tooling.
• Monitoring global information security trends, technologies and regulations - Ensuring these are considered in Group initiatives and business unit programmes to protect data.
• Perform post incident reviews for impactful incidents across the group - including a detailed analysis of root cause, detection, response and recovery activities. Facilitate workshops with the incident response teams to identify areas for improvement, applying lessons learned across the group.

Candidates should have IT Audit/IT Risk expeirence, with some experience in Security Controls, processes and policies. Experience of IT risk management principles as they relate to data protection within a large global organisation is also required. Candidates can have Consultancy and/or Industry experience.