Hays Technology are looking for 2 x Principal GRC Analyst’s to join an established financial services organisation based in Nottinghamshire.
What you’ll be doing:
You will be responsible for ensuring the robust assessment and analysis of the information security risk assessment of external suppliers.
Working closely with the Security Architecture and Technology Change teams to ensure adequate controls are adhered to when onboarding new vendors.
- Responsible for conducting timely security impact assessments of third party suppliers recording results accurately and initiating appropriate assurance response.
- Responsible for the production of high quality, informative and accurate reports in respect of third party assurance assessments.
- Provide advice and guidance to stakeholders on Information Security Minimum Requirements.
- Provide advice to Information Security related briefings and Threat Management Groups.
- Participate in and contribute to Information Security forums and bodies. Assist in the improvement of risk management and Information Security controls within the Group.
- Ensure all activity is compliant with NIST, GDPR and other Financial Services relevant legislation including CPMI IOSCO.
- Contribute to the collection and management of KRIâ€™s and MIâ€™s.
- Ensure assurance portfolio of third party suppliers remains full and current
- The role is expected to be a part of a global Team and will be seen by management as a trusted partner in a ‘high support and high challenge’ relationship.
- Ongoing third party security assessments
- Third party security risk reporting and metrics
What you’ll need to succeed:
- Understanding and working knowledge of control frameworks based on industry best practices such as NIST, COBIT, and ISO27001.
- IT and cybersecurity policies and standards
- Operational risk frameworks
- Third Party Risk Frameworks
- Regulatory compliance
- Data protection
- Technology & Cyber Security
- Objective analysis of poorly defined problems
- Proficient understanding of financial institutions and underlying business processes
- Third Party Risk Management leadership
- Partnership and influence
- Negotiation and Partner management
- Technological, organisational and/or operational change management
What you need to do now
If you’re interested in this role, click ‘apply now’ to forward an up-to-date copy of your CV, or call us now.
If this job isn’t quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career.
To apply for this job please visit www.cybersecurityjobsite.com.