GRC Analyst

SUMMARY:
Our client, a Global manufacturing concern, currently seeks an experienced Security Governance, Risk and Compliance (GRC) Analyst. Reporting to the GRC Manager, you will work closely with Senior Management and execute a compliance strategy focused on mitigating cyber-security risks.

POSITION INFO:
Minimum Job Requirements:

• Security expert with, aligned industry qualification (CISSP, CISM, CRISC).
• Experience in performing security assessments against frameworks such as ISO27001, NIST CSF, CIS, GDPR, etc.
• Proven track record in data security and governance.
• Experience of risk management principles, implementing risk frameworks and executing security risk assessments based on security best practices (e.g., ISO 27005, ISO3100, etc.) across large, Global businesses.
• Good understanding of IS risks, issues and controls associated with IT systems, networks and applications that are commonly encountered within a large Global organisation.
• Experience in performing audits over IS processes and controls.
• Extensive travel required into Africa operations.

• Ability to develop and co-ordinate programmes of work across multiple divisions, functions, and business units.
• Previous experience of working with Legal, Audit and Compliance teams.
• Excellent verbal and written skills, including the ability to draft concise, and accurate reports.
• Experience of project delivery processes/methodologies and ensuring data security by design.
• Strong team building, leadership, motivation and communication skills to work as an effective member of the GRC team.

• Thought leadership, influences, and delivers Cyber Risk Assurance.
• Plan and execute assessments against industry best-practice frameworks (NIST, ISO, etc.).
• Plan and execute compliance assessments of Group IS policy.
• Accountability to the operational areas, owners of risk and suppliers to deliver against the Group Cyber-Security (GCS) strategy, programmes, and requirement.
• Support the creation and implementation of an enhanced Cyber Risk Management framework for the Group.
• Work closely with the GRC Manager and key stakeholders to support businesses in identifying, assessing, and managing their cyber risks.
• Ensure consistent and continual alignment to the business and GCS strategy through oversight of a Cyber Risk Management framework, activities and processes including all aspects of the metrics/reporting.
• Monitor and drive rollout of the cyber governance, risk, and compliance programme for information security.
• Support the collation of cyber risks for reporting to the Board.
• Support the maintaining of information security policy set for the Group. Work closely with the Head of GRC and GRC Manager to continuously improve Group IS policies and guidelines.
• Support the adoption and maintenance of a GRC platform.
• Advise on exceptions to Group information security policies. Track/approve exceptions which impact multiple BUs or present a risk to the Group.
• Provide support, advice and guidance to Group businesses to help them maintain robust IS controls to protect restricted and confidential data.
• Support the businesses in performing post incident reviews for impactful incidents across the Group, ensuring that a detailed analysis of root cause, detection, response, and recovery activities is performed appropriately.
• Help facilitate workshops with the incident response teams to identify areas for improvement, applying lessons learned across the Group.
• Support the facilitation of crisis simulations and help the businesses prepare for a major incident.
• Monitor Global information security trends, technologies, and regulations to ensure these are considered in Group initiatives and business unit programmes to protect data.
• Work with Group Legal to understand the IS implications of new legislation and support businesses to ensure appropriate programmes of work are in place to respond.
• Lead or support Group initiatives to help businesses address common areas of risk and avoid a duplication of effort.