Governance Risk and Compliance Analyst
Park Place Technologies, Birmingham
Salary Not Specified
- Full time
- Permanent
- Onsite working
Posted 2 weeks ago, 6 Nov
Closing date: not specified
Job Ref: 79164e32991e4ad3b77ea268cf74afdf
Full Job Description
As a Governance Risk and Compliance (GRC) Analyst, you will be responsible for maintaining ISO27001 and SOC2 compliance by conducting regular assessments and audits, staying informed about US and UK regulatory requirements, and aligning the organisation's services with the relevant standards. You will also streamline GRC activities through scripting and automation, using tools such as PowerShell and VS Code and leveraging DevOps pipelines for automation efforts. The role includes conducting internal reviews to identify risks and non-compliance, analysing information security metrics, and translating the findings into actionable measures. You will contribute to process improvement within the SecOps team, evaluate third-party vendors for compliance, complete customer security questionnaires, and keep up to date with industry best practices and trends that affect the organisation's risk posture.
- Ensure adherence to ISO27001 and SOC2 standards, conducting regular assessments, audits, and reviews to maintain compliance. Stay abreast of US and UK regulatory requirements, including GDPR, DPA 2018, NIST, DFARS, FAR, and other relevant standards that apply to the organisation's service portfolio within the scope of the ISO27001 and SOC2 requirements.
- Develop efficient processes and automate where possible, streamlining GRC activities using tools such as PowerShell and VS Code. Leverage the DevOps pipeline platform's compute functions to support automation efforts.
- Conduct comprehensive internal audits and policy, process, and identity and access management (IAM) reviews to identify potential risks and areas of non-compliance with the ISO27001 and SOC2 requirements, covering both end users and third-party users, including outsourced contractors.
- Prepare and organize evidence for, and participate in, annual internal and external audits of standards, including ISO 27001 and SOC2
- Conduct regular analysis of information metrics and translate findings into actionable insights.
- Contribute to the development and enhancement of processes and procedures to strengthen security and compliance measures within the Secops Team.
- Evaluate and review third-party vendors for compliance with security and regulatory standards.
- Complete customer security questionnaires to demonstrate the organisation's ability to protect customer information for the services in scope for that customer.
- Remain apprised of industry best practices for the IT services provided, staying informed about industry trends that may affect the organisation's risk posture.
- 1-2 years of relevant experience in IT compliance within an IT service organisation, focusing on the ISO27001 and SOC2 frameworks.
- Experience working within an auditing role.
- Strong organizational, project management and process analysis skills.
- Ability to effectively work and interact with customers and team members.
- Ability to effectively manage multiple assignments and priorities.
- Ability to effectively communicate both orally and in writing.
- Demonstrated understanding of risk management within an Information Security Management System (ISMS).
- Technical knowledge of enterprise IT systems, operating systems, and networks.
- Experience with basic scripting and query creation.
- Demonstrable understanding of global standards such as ISO9001, NIST, DFARS, FAR, GDPR, DPA 2018 and PCI-DSS.
- Bachelor's degree required.
- Relevant security related certifications a plus: CISSP, GCIA, GSEC, GCIH, GCED, GCFA, GREM.
- Relevant certifications in risk management frameworks for IT systems.
- Relevant auditing certification for an IT-based framework.
- Experience in information technology or security desired.
- Experience with Microsoft security technologies.
- Experience in any of the following: Rapid7 InsightVM, Rapid7 AppSec, scripting (PowerShell, Python etc.), Bitsight, Microsoft Sentinel (SIEM), risk management tools (OnSpring), SharePoint, Power BI or other data analytics tools.