Information Security GRC Analyst
We are looking for someone to support the day-to-day running of an Information Security Management System (ISMS) and its internal audit programme.
This is a great opportunity for someone with experience in cyber security, GRC, IT audit or information assurance who enjoys structure, documentation, compliance and working with stakeholders across the business.
You will help maintain a strong security posture and support compliance obligations across frameworks and regulations including ISO 27001, PCI DSS and DORA.
What you’ll be doing
You will support the ongoing operation and improvement of the ISMS, helping to ensure policies, controls, risks and audit activities are well managed and clearly documented.
Your responsibilities will include:
- Maintaining ISMS documentation, including policies, procedures, version control and review cycles.
- Planning, scheduling and conducting internal audits against ISO 27001 and other relevant frameworks.
- Documenting audit findings and tracking corrective actions through to closure.
- Maintaining the risk register and supporting risk owners with assessments, treatment plans and periodic reviews.
- Collecting and maintaining evidence for certification audits, customer assurance requests and regulatory obligations.
- Coordinating management review meetings, preparing reports and metrics, and recording actions and outcomes.
- Supporting supplier and third-party risk activities, including issuing and reviewing questionnaires.
- Helping deliver the security awareness and training programme, including tracking completion and exceptions.
- Acting as a first point of contact for ISMS-related queries from across the business.
What we’re looking for
You will need:
- Experience in cyber security, GRC, IT audit, information assurance or a similar role.
- Working knowledge of core cyber security concepts, such as confidentiality, integrity and availability, access control, risk management, common threats and security controls.
- Practical exposure to at least one recognised security or compliance framework, such as ISO 27001, PCI DSS, NIST CSF, Cyber Essentials or similar.
- Strong organisational skills, attention to detail and a methodical approach to documentation.
- Confident written and verbal communication skills, with the ability to engage technical and non-technical stakeholders.
- Confidence using Microsoft 365 tools, including Word, Excel and SharePoint.
- Experience using GRC, service management or ticketing tools.
- A foundational cyber security qualification, such as CompTIA Security+, ISO 27001 Foundation or ISC2 Certified in Cybersecurity, or equivalent practical knowledge.
Desirable experience
It would be useful if you also have:
- Experience supporting an ISO 27001-certified ISMS.
- Familiarity with PCI DSS v4.0 and/or DORA.
- ISO 27001 Internal Auditor or Lead Auditor training.
- Experience in a regulated environment, such as financial services, insurance, technology, professional services or critical service providers.
- Exposure to GRC platforms.