Senior Information Security GRC Analyst

Posted 4 days 6 hours ago by GUARDIAN NEWS AND MEDIA

Permanent
Full Time
Other
London, Islington, United Kingdom, N1 9GU
Job Description

Join our team at the Guardian and be a part of a diverse and inclusive global organisation that delivers fearless, investigative journalism, and holds power to account. Our team of award-winning journalists, cutting-edge commercial professionals, and industry-leading digital experts are committed to making a difference and represent a wide range of backgrounds and perspectives.

Are you ready to shape the future of information security?

We're seeking a Senior Information Security GRC Analyst to join our dynamic team. This pivotal role will enable you to lead GRC efforts, ensuring that our organisation stays secure, compliant, and resilient in a rapidly evolving threat landscape. As a trusted expert, you'll collaborate with teams across the business to embed security at the core of everything we do.

If you're passionate about building robust security frameworks, managing risks, and making an impact, we want to hear from you!

About the Role

Governance:

  • Support the design, delivery and maintenance of the security policies, standards and procedures, aligning with organisational objectives and regulatory requirements.
  • Implement and manage industry standard governance frameworks, ensuring consistent practices across the business

Risk Management:

  • Deliver Information Security risk management and compliance activities, advising business functions on best practice across the Information Security risk management lifecycle.
  • Conduct Information Security risk assessments including the periodic enterprise risk assessments, and those in response to new products, change programmes, and emerging risks.
  • Support third-party risk assessments to ensure vendor compliance with organisational security standards

Compliance:

  • Ensure ongoing compliance with regulations such as GDPR and PCI-DSS, while supporting audits and assessments
  • Perform Information Security controls testing and assessment

Awareness:

  • Support the design and delivery of engaging security training programs to promote and champion a culture of security across the organisation.
  • Deliver Information Security risk management and compliance activities, advising business functions on best practice across the Information Security risk management lifecycle

Reporting:

  • Support reporting against defined key performance indicators (KPIs) for Information Security risk management and compliance.
  • Develop actionable reports and dashboards on risk and compliance status, and key metrics for senior stakeholders

About You

  • Experience in Information Security risk management and controls knowledge, in line with standard security frameworks, to deliver risk assessments, risk management, controls design, and controls assurance.
  • Professional certifications such as CISM, CISSP, CRISC or ISO 27001 Lead Implementer are a benefit but not essential
  • Experience with industry standard information security management frameworks such as NIST, ISO 27001, PCI-DSS, OWASP
  • Ability to understand emerging security threats and design information security controls in response to these threats
  • Strong knowledge of risk management principles and best practices
  • Excellent communication skills to engage with both technical and non-technical audiences
  • Analytical mindset with a high level of attention to detail
  • Proficiency with GRC tools is desirable

We operate a hybrid working model, with a mix of office-based and remote working. You'll be expected to come into our London Kings Cross office 3 days a week.

How to Apply

To apply, please upload your latest CV.

The closing date for applications is Tuesday 3rd December 2024.

Benefits & Policies

We offer 30 days annual leave plus bank holidays. Our pension scheme is generous; if you contribute 5% then we will contribute 8-12% (depending on your age).

You are entitled to life cover, income protection, sick pay and eye tests. You can also opt in to dental insurance.

We have enhanced maternity, paternity, adoption and shared parental leave policies in place. We also support our employees by offering IVF, menopause, baby loss, and trans equality policies.

Culture & Wellbeing

We want everyone to feel like they belong at the Guardian and we champion diversity of thought. Our various employee forums provide a platform for employees to use their voice to foster an inclusive workplace.

We offer great tools to help you prioritise your wellbeing including free yoga and pilates. These run alongside our corporate gym membership and cycle to work scheme.

Learning & Development

We encourage personal and professional growth. Employees have access to a broad range of tools and solutions, and we are happy to support the pursuit of professional qualifications through vocational courses and apprenticeships.

Our Working Environment

We take pride in our surroundings and are pleased to offer versatile meeting rooms and colourful communal areas. We have a brilliant canteen that caters to breakfast, lunch and dinner, with views overlooking Regent's Canal.