Marcus Donald are currently looking for a Governance, Risk & Compliance Analyst to join a large, global business consulting firm. You will need to confidently perform third-party security vendor diligence and liaise with business and external stakeholders to perform assessments and identify risk.
**Hybrid role: 2 – 3 days per week in London office**
This is a great opportunity for an experienced GRC specialist to execute the company’s heightened security processes. At least 2-3 years’ experience within security governance, risk and compliance is necessary, and the motivation and aptitude to learn and grow are key.
Governance, Risk & Compliance Analyst – Responsibilities:
- Support daily activities of the GRC function
- Respond to client security questionnaires, RFPs/RFIs, and audit requests
- Ensure appropriate security measures are in place at the engagement level
- Support client questionnaires and audit requests
- Support performance of third-party supplier assessments
- Work closely with business stakeholders to align security measures within risk
- Support cybersecurity related initiatives as required
- Participate in and execute governance activities, including metrics gathering and reporting, and the performance of recurring internal assessment activities
Governance, Risk & Compliance Analyst – Technical:
- Strong understanding of security controls with the ability to effectively assess and communicate technical security requirements
- 2-3 years’ experience in security governance, risk, and compliance
- Strong experience responding to client/customer security inquiries
- Broad and solid understanding of cyber security concepts and risks
- Strong familiarity with industry frameworks such as ISO standards, NIST, and SOC reports
- Working knowledge of common audit and compliance tools. Experience with a GRC tool is a plus
- Strong analytical thinking, written, and oral communication skills
Governance, Risk & Compliance Analyst – Education:
- Bachelor’s degree – preferably in Information Security, Computer Science or related area
- Industry recognised certification in security (e.g., CISSP, CISA, CISM, CRISC, ISO27001)
This really is a great opportunity for the right person with a GRC, risk assessment and security background to grow and establish themselves within a large and well-known organisation. If you feel you have relevant GRC experience (2-3 years), have the confidence to communicate with business stakeholders and can perform third-party security vendor diligence, please get in touch.
Should you want to find out more about the role, its responsibilities and the company, please apply or email firstname.lastname@example.org.