GRC Information Security Analyst

Full time
Location: London
Category: IT & Technology
GRC - Information Security Analyst
Permanent role offering £50,000 - £60,000 + Excellent Benefits
Hybrid working, with 2 days onsite in the office per week in Hatfield

About the company

Great opportunity to join this unique employer on their journey to transform the future of transport & logistics through innovation and automation. They are establishing themselves as one of the leaders in the UK, producing robotics and IoT, cloud platforms, big data, machine learning, software development, and AI technologies. They are a fast-growing company with 7 development centres across the UK & Europe.

What you will be doing

As the Information Security Analyst, you will be joining an 8-person Information Security team covering all aspects of information security across the whole organisation, including overall information security governance, compliance programs, third-party vendor risk management, education, and Vendor Risk Management tool administration. You will be conducting risk assessments and producing documentation in line with PCI DSS, ISO27001, and SSAE18/SOC2.

What will you do?

- Creating and regularly revising information security documents, policies, processes, and procedures as required.
- Working closely with business stakeholders and project teams to understand, scope, and define security requirements.
- Developing control testing strategies to ensure our security controls are meeting their objectives.
- Performing internal security and vendor risk assessments.
- Supporting Data Protection activities as required.
- Assisting the Information Security teams and Business functions in maintaining security certifications, which include PCI DSS, ISO27001, and SSAE18/SOC2 attestation.
- Providing effective reporting to the Group Information Security Manager of trends, audit findings, and risk ratings.
- Supporting operational aspects of GRC.

What we are looking for:

- Experience of working in an Information Security role dealing specifically with governance, risk, and compliance areas.
- Prior experience writing Information Security related Policies, Processes, and Procedures.
- Experience managing internal and third-party vendor risk assessments and writing risk assessment reports.
- A track record of effectively analysing security controls, while understanding the risk of certain controls not being in place.
- Knowledge of Vendor Risk Management tools such as OneTrust.
- Knowledge of current information security standards, frameworks, and regulations such as ISO27001, NIST, SSAE16/18/SOC 2, PCI-DSS, GDPR.
- Experience in software operational security or working in a SaaS environment.
- Working towards (or already have) any of CISA, CRISC, or CISM certifications.

Not required, but nice to have:

- Any of the following: CISA, CRISC, or CISM certifications.

The role comes with a great benefits package, including:

- 'Work from anywhere' policy + Remote working for the month of August.
- 25 days annual leave, rising to 27 days after 5 years' service (plus optional holiday purchase).
- Pension scheme with employer contribution matching up to 7% + Private Medical Insurance.
- Opportunity to participate in Share save and Buy as You Earn share schemes.
- Income Protection (can be up to 50% of salary for 3 years) and Life Assurance (3 x annual salary).

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology, Strategy/Planning, and Other
Industries: Technology, Information and Media, Security and Investigations, and IT Services and IT Consulting.
