£35K/yr
Hinckley and Bosworth, England
Permanent, Variable

Information Security GRC Analyst

Posted by Unipart Logistics.

Contract type:

Full time

Hours:

40 hours per week, Monday to Friday

Location:

Remote based role with travel as required to Nuneaton or Oxford

Salary:

£35,000 per annum, plus 22 days holiday rising, pension, life assurance, employee assistance programme, wellbeing support, and flexible benefits scheme

About the Job

Relationships mean everything to us, and this one is particularly special. You'll collaborate with stakeholders, assisting in the coordination of ISO 27001 audits, reviewing, monitoring and resolving findings.

Here at Unipart, we don't just have a way of working, we have The Unipart Way. It allows everyone in our team to pursue their own personal and professional goals to a world class level, through Unipart's 'From Gate to Great' training and development program.

As a GRC Analyst you will support the team to undertake internal ISO 27001 audit and compliance activities. You will also drive the quality, consistency, continual improvement and documentation of the ISMS. This role provides an opportunity for growth and will suit an individual eager to progress, supported by an experienced team.

As part of your key responsibilities you'll:

  • Ensure Unipart meets its information security obligations in line with ISO 27001 through the selection and implementation of required controls and maintenance of the ISMS Audits
  • Conduct internal information security audits and reviews to include policy and contractual compliance and manage the remediation activities
  • Ensure the compliance calendar is current and the assigned activities are instigated and tracked through to completion
  • Act as the point of contact for client IT audits, coordination of the audit lifecycle from opening meeting to resolution of non-conformances
  • Manage 3rd Party supplier audits for Information Security and associated risks
  • Support quality risk reviews to ensure that risks are up to date and relevant
  • Maintain the status of Internal audits and audit findings, ensuring findings have treatment plans and target resolution dates
  • Maintain records of audit requests and responses in the correct platforms
  • Proactively seek out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
  • Share and report on findings with managers to ensure overview and remediation

About You

We'd love you to have the following skills and experience, but please apply if you think you'd be able to perform well in this role!

  • Previous experience within a GRC function, IT Security/Cyber team, Internal Audit or an IT environment
  • Experience working with ISO Standards and/or security frameworks such as ISO 27001 / Cyber Essentials / NIST / ISO 27005 / DPA 2018 / PCI DSS / ISO 22301
  • Experience of risk management methods, identifying, describing, and logging of risks
  • Experience of working with risk management frameworks
  • Ability to build relationships to influence and guide stakeholders and peers on compliance activities
  • Excellent people skills including good written, oral, and interpersonal communication skills
  • Good report writing and presentation skills
  • Understanding of applicable legal and regulatory requirements
  • Strong analytical and problem-solving abilities
  • ISO 27001 Auditor qualification, equivalent experience or willing to obtain

Our recruitment and selection process has been developed to ensure that it is consistent, fair and provides equality of opportunity - all selection decisions are based solely on technical and behavioural competencies. We do not discriminate on the grounds of race, colour, or nationality, ethnic or national origins, sex, gender reassignment, sexual orientation, marital or civil partnership status, pregnancy or maternity, disability, religion or belief, age or any other current or future protected characteristic as defined in the current Equality Act of England and Wales. As an organisation we also promote an environment which encourages diversity of characteristics and thought, where you feel included, safe and confident to be the best version of yourself and do your best work every day.

You may have experience in the following: Information Security Analyst, IT Auditor, Security Analyst, GRC Specialist, Internal Audit Analyst, Compliance Analyst, etc.

REF-214 532