Security Analyst - Governance, Risk, and Compliance
Our client, a global reinsurance firm, seeks a talented security engineer to take ownership of their third-party vendor assessment program. They will also assist with various cyber governance, risk, and compliance (GRC) areas, including client due diligence, security awareness, regulatory response, audit remediations, security controls strategy, and other ad hoc projects.
- Manage the third-party vendor assessment process by reviewing questionnaires, including SOC 2 reports and ISO 27001 certifications. Validate the existence of the vendor's controls by reviewing evidence, and lead any remediation efforts where a vendor's controls are deficient. Ensure that internal business partners are aware of any risks, and work with Legal when certain control requirements need to be included in contracts. Prioritise, track, and report on progress, issues, and challenges on a regular basis for executive reporting.
- Stay actively aware of, and participate in, other GRC activities so that you can ensure continuity of those activities in times of high demand.
- Research security controls and be able to translate the technical and non-technical aspects to key stakeholders for various IT platforms and solutions. Ensure that the controls are deployed in alignment with the Security Team’s goals by partnering with Infrastructure and Engineering.
- Provide cyber hotline coverage for the Eastern Standard Time zone which includes responding to general cyber questions, analysing reported emails, and escalating high priority events.
Technical Experience and Qualifications
- A bachelor’s degree in Cyber Security, Information Technology, or a related field
- 2-5 years of experience in Governance, Risk, and Compliance within Information Security
- A solid understanding of the interplay between Information Security, Infrastructure, and Engineering
- Audit-like mindset to uncover control gaps and areas for improvement
- Experience working in a global and matrixed organisation across functions and geographies
- Ability to keep meticulous records of activities performed
- PowerShell, Python, and VBA skills are nice to have, but not essential
- CompTIA Security+ or a similar certification (e.g. CySA+, CISSP, CISA, CISM, CEH, GISF) preferred
To apply for this role, either contact Olly at email@example.com, or fill in the form below and he will receive your application.