Hybrid - GRC Analyst (3rd Party) - London
Hays Technology are looking for a GRC Analyst to join an established financial services organisation based in London.
What you'll be doing:
You will be responsible for ensuring robust assessment and analysis of the information security risk of external suppliers.
- Working closely with the Security Architecture and Technology Change teams to ensure adequate controls are adhered to when onboarding new vendors.
- Responsible for conducting timely security impact assessments of third-party suppliers, recording results accurately and initiating the appropriate assurance response.
- Responsible for the production of high-quality, informative and accurate reports in respect of third-party assurance assessments.
- Provide advice and guidance to stakeholders on Information Security Minimum Requirements.
- Provide advice to Information Security related briefings and Threat Management Groups.
- Participate in and contribute to Information Security forums and bodies. Assist in the improvement of risk management and Information Security controls within the Group.
- Ensure all activity is compliant with NIST, GDPR and other Financial Services relevant legislation including CPMI IOSCO.
- Contribute to the collection and management of KRIs and MIs.
- Ensure the assurance portfolio of third-party suppliers remains full and current.
- The role is expected to be a part of a global Team and will be seen by management as a trusted partner in a 'high support and high challenge' relationship.
- Ongoing third party security assessments
- Third party security risk reporting and metrics
What you'll need to succeed:
- Understanding and working knowledge of control frameworks based on industry best practices such as NIST, COBIT, and ISO27001.
- IT and cybersecurity policies and standards
- Operational risk frameworks
- Third Party Risk Frameworks
- Regulatory compliance
- Data protection
- Technology & Cyber Security
- Objective analysis of poorly defined problems
- Proficient understanding of financial institutions and underlying business processes
- Third Party Risk Management leadership
- Partnership and influence
- Negotiation and Partner management
- Technological, organisational and/or operational change management
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career.