GRC Analyst
6 months
Hybrid – 2 days per week in Cambridge
£550 – £600 per day Inside IR35
My client is looking to hire a skilled GRC Analyst to collaborate with business stakeholders, customers, and suppliers in identifying and managing risks through ServiceNow’s IRM module.
The ideal candidate will have experience transforming GRC departments and supporting ongoing business activities.
Key Responsibilities:
Support stakeholders in risk assessments and compliance, ensuring understanding of security frameworks like NIST CSF and 800-53.
Drive transformational changes in the Technology and Security Risk program to meet evolving regulatory needs.
Build and maintain an effective third-party risk assessment program.
Develop strong relationships with stakeholders, partners, and vendors, supporting meetings and project management activities as needed.
Present clear, professional risk reports to executives, highlighting critical risks and treatment plans.
Collaborate with internal partners to identify security risks, assign risk owners, and develop management action plans.
Create Standard Operating Procedures (SOPs) for risk assessments, third-party assessments, and security governance workflows.
Implement corrective actions to address identified deficiencies and monitor progress.
Utilise ServiceNow IRM to build and manage GRC processes.
Ensure accuracy of information on accountable technology, including process maps, training documents, and contract details.
Key Skills:
Security certifications (e.g., CISSP, CISM).
Experience in assessing security risk controls and safeguarding data.
Strong communication skills, able to explain complex security concepts to diverse audiences.
Experience with security and privacy controls in large enterprises and cloud environments.
Ability to manage multiple projects simultaneously, focusing on impactful outcomes.
Collaborative mindset, working effectively with both technical and non-technical teams.
Preferred Qualifications:
Hands-on experience with security in public cloud services (AWS, Azure, Google).
Familiarity with technical security controls, procedures, and systems (e.g., Email Security, AV, EDR, Firewalls).
Experience with Configuration Management Database (CMDB).
Knowledge of security standards and audit requirements (e.g., NIST CSF, ISO 27001, PCI DSS, SOC 2 Type 2).
Expected salary
£550 – 600 per day
Location
Cambridge
Job date
Sun, 01 Sep 2024 06:54:08 GMT