Information Security GRC Analyst

Location: City of London, London
Salary: £40000 - £60000 per annum
Posted: 10 days ago
Contract Type: Permanent
Industry: Information & Cyber Security
Contact Name: Fiona Prescott
Contact Email:

The purpose of the role is to support the Head of Information Security, ensuring the effective management of tasks and processes related to information security governance, risk and compliance. You will develop and manage control frameworks, create and maintain the infosec standards and look at risk remediation plans and best business practices.
* Develop and manage the information security risk register, evaluate security and privacy risks, risk remediation plans, balancing business drivers, best practices and external drivers
* Develop and manage the internal controls framework, linking information security risks to controls, defining metrics and capturing measurements
* Support the Data Protection team, managing technical controls and maintaining a clear mapping to data protection risks
* Assist in the design of security controls and provide input to projects from the early stages of idea development
* Assist in the creation and maintenance of information security standards and technical specifications in collaboration with the Information Security Architect
* Produce insightful and high-quality management information for reporting into the Information Security Group and the Operations Committee
* Design audits of security capabilities, systems and processes to ensure compliance with operational standards and specifications, with a focus on automation and the reduction of manual gathering of metrics (eg patching levels, email security, encryption, data backup, remote access)
* Manage audit activities and be the main point of contact for internal and external audits
* Manage third party assurance activities of suppliers and affiliates

You will:

* Manage compliance control self-assessments and questionnaires from regulators, head office and customers
* Manage day-to-day operational security requests, such as information security approvals and policy exception management
* Oversee penetration testing services and track remediation activity
* Ensure that reported security incidents are logged, investigated, managed and escalated where appropriate
* Provide periodic security awareness training and education to the business

You will bring with you:

* Experience developing and maintaining written security controls, compliance monitoring, and defining treatment strategies
* Experience in performing risk assessment and GITC audits
* Experience with compliance frameworks (ISO 27001, NIST, SOX)
* Experience with advanced Microsoft Excel functions
* Good understanding of security sub-systems (eg firewalls, IDS/IPS, DLP)
* Good understanding of public cloud services (eg AWS, Azure)
* Experience with creating and managing information security awareness programs
* Strong interpersonal and consultative skills
* Excellent organisational skills
* Desirable certifications: CISSP/CISA/CRISC/CISM/CIPP
* To be aware of and comply with the relevant rules and regulations in relation to financial crime & conduct
