We're hiring new talent

Quartz believes in the power of the individual to create great things.

Information Security GRC Analyst

Deadline

30/09/2021

Summary

Reporting to the Information Security Governance, Risk and Compliance Team Lead, the Information Security Analyst will be part of a global team of information security specialists, contributing to governance practices and security risk management activities across the organisation.

The Information Security Analyst will have sound knowledge of information security frameworks and an understanding of their practical application, along with strong written and verbal communication skills. The role will suit a highly motivated, proactive individual who understands the importance of fostering a strong security culture in a fast-paced, agile environment.

Responsibilities

Key responsibilities include, but are not limited to:

  • Draft, review, and update information security policies, standards and procedures, aligned to recognised frameworks (e.g. ISO 27001, NIST CSF, CIS Top 20) and tailored to organisational objectives and stakeholder requirements.
  • Assist the GRC Team Lead and Principal Analyst in defining and delivering security assessments and reviews focusing on People, Processes and Technologies, to identify information security risks and control gaps.
  • Contribute to all aspects of information security risk management activities, including the development of effective risk mitigation plans, the continuous improvement of control measures and the collation of risk reporting metrics.
  • Develop and deliver training content across a range of security themes tailored to all levels of the organisation and specific business functions. Identify new and creative ways to enhance security education and training provision through graphical, written and verbal means.
  • Carry out open source intelligence (OSINT) research to collect information on current and future security threats and trends relevant to the organisation.
  • Assist the GRC Team Lead and Principal Analyst in providing information security support to wider organisational projects through stakeholder collaboration. Conduct vendor/product security and privacy reviews to provide best practice recommendations.
  • Provide GRC input across the wider security function, including Cyber Security, Security Engineering and Physical Security, in support of team projects, security monitoring and alerting tasks and incident response activities.

Requirements

  • Good knowledge and practical experience with information security standards and control frameworks, e.g. ISO 27001, NIST CSF, CIS Top 20, GDPR.
  • Experience across a range of themes including security and privacy principles, risk management, third-party risk analysis, cyber hygiene, personal and physical security best practices.
  • A basic understanding of technical concepts relating to IT infrastructure (e.g. networks, email systems, authentication) with the ability to quickly grasp complex technical aspects.
  • Adaptable and versatile with the proven ability to work independently as well as build positive cross-departmental working relationships.
  • Strong English (verbal and written). Confident and engaging communicator capable of condensing information into clear, concise and informative reports and presentations.
  • Willing to travel up to 10% of the time.

Desirable

  • CISMP or relevant industry certifications.
