Job Description
A large global organisation are looking for a GRC Manager to join the team and provide a deep level of product and technology expertise to Service Owners within IT Business Units and the IT Demand Leads and Project Managers who deliver Solutions in IT.
The customers are located worldwide. The responsibility extends across all phases of the system lifecycle: System Delivery, System Support and Decommissioning.
This will be a permanent, full-time position.
The position will be on a hybrid basis, 3 days on-site in the London office, 2 days working remotely.
Key Responsibilities:
- Conduct security risk assessments for defined business applications, 3rd party suppliers or IT installations in defined areas and provide advice and guidance on the application and operation of elementary physical, procedural and technical security controls
- Perform risk assessment and business impact analysis for medium-size information systems.
- Contribute to the creation of Policy, Standards, Procedures, Guidance and Training
- Perform Compliance monitoring and review Information Systems for compliance to Policy, Standards and Procedures
- Perform Compliance Monitoring (Level 2 monitoring) for agreed high priority security controls
- Provide authoritative advice and guidance on Information assurance strategies to manage the identified risk or compliance gap.
- Maintain knowledge of specific technical specialisms within the domain of Information Security (as defined by ISO 27001) and Quality Management. Provide detailed advice regarding their application and execute specialised tasks.
- Business Risk Management:
- Carry out risk assessment within a defined functional or technical area of business.
- Use consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business.
- Provide input to the service continuity planning process and implement resulting plans.
- Define documents and carry out small projects (typically less than six months).
- Actively participate in all phases of larger projects. Identify, assess and manage risks to the success of the project. Prepare realistic project and quality plans and track activities against the plans, providing regular and accurate reports to stakeholders as appropriate.
- Stakeholder Relationship Management:
- Initiate communications between stakeholders, acting as a single point of contact for defined groups.
- Facilitate open communication and discussion between stakeholders.
- Quality Management and Assurance:
- Advise on the application of appropriate quality management techniques.
- Facilitate improvements to processes by changing approaches and working practices, typically using recognised models.