Operations · Remote · Fully Remote
Information Security Governance, Risk and Compliance (GRC) Analyst
Reporting to the VP Growth, the role works closely with cross-functional teams to assist in managing information security risks. The role is crucial in several areas, such as promoting and enhancing information security awareness across Cognassist, policy management, ensuring information security controls are operating effectively via assessment and attestation, and providing assurance to clients of security controls.
Responsibilities
- Maintain, develop and improve policies, procedures and guidelines.
- Identify and assess information security risks and prioritise risk mitigations.
- Work closely with the executive team and other stakeholders to align the risk management strategy with business objectives and goals.
- Perform risk assessments, vulnerability testing and manage incident response plans.
- Provide expertise and guidance to internal and external stakeholders on all aspects of information security, including risk management, security assurance, security architecture and security operations.
- Oversee the implementation and monitoring of security controls across the organisation, ensuring compliance with industry standards such as ISO 27001 and Cyber Essentials.
- Provide oversight of the supply chain management.
- Foster a culture of security awareness and compliance through training programmes, communication campaigns and regular engagement with employees and stakeholders.
- Collaborate with other teams in the development and implementation of security measures, including security architecture, security operations and security analytics.
- Oversee the selection of third-party vendors and partners to manage risk related to service level agreements and information security risks.
- Establish and maintain effective communication channels with senior management, other internal teams and external stakeholders, including customers, regulatory bodies and auditors.
- Provide regular reports on the status of the information security risk management programme to the Exec and the Board.
- Provide oversight of ISO 9001 and ISO 13485 compliance.
- Other duties as and when required.
Required Skills & Experience
- 3+ years' experience in information security risk management, ideally within a large or highly regulated organisation.
- Proven experience developing and implementing information security risk management strategies.
- Strong knowledge of information security frameworks, including ISO 27001 and Cyber Essentials.
- A working knowledge of ISO 9001 would be advantageous.
Key Competencies
- Ability to think strategically and communicate effectively with senior executives.
- Strong analytical skills, with experience using data-driven metrics for evaluating risks and measuring programme effectiveness.
- Excellent interpersonal and communication skills.
Qualifications
- Professional certifications such as CISM, CISA, CISSP, CRISC or similar are highly desirable.
- Department: Operations
- Locations: Remote
- Remote status: Fully Remote
Uniqueness is a superpower
- Our culture really matters to us at Cognassist.
- We know our vision of creating a more inclusive world starts with us.
- Our commitment to inclusion across race, gender, age, religion, identity, and experience drives us forward every day. We welcome candidates from all walks of life.
- We’re committed to authentically investing in our people.
- We provide our teams with the best possible benefits, the latest tools, and nurturing environments to work in.
- We always strive to empower people to do their best work and deliver real impact.