Job Overview:
The GRC Risk Analyst will be responsible for identifying, analysing and
influencing the management of Enterprise IT (EIT) and Enterprise Security (ES)
risks.
Responsibilities:
- Support internal and external partners on matters of risk assessments,
security controls, and framework requirements. Ensuring security and
compliance requirements are understood.
- Coordinate EIT responses to regulatory inquiries and audits, making sure
Arm is compliant.
- Support EIT business continuity management (BCM) needs. Operationalizing
and assuring a capability of safeguarding our services and operations in the
face of disruption and disaster. Further, to mature this capability to put us
on a firm path to becoming operationally resilient.
- Ensuring continuity and recovery plans are detailed, approved, tested, and
maintained by asset owners and custodians.
- Develop tactical and positive relationships within the business, partners
and vendors.
- Develop Standard Operating Procedures (SOP) to detail procedures for risk
assessments, third party assessments, and business process workflows for
Security Governance, Risk, Resilience and Compliance.
- Ensure that fundamental information on accountable technology is accurate
(e.g. KB Articles, process maps, training documents and presentations, RACI,
Contract information).
- Identify and raise risks, threats and vulnerabilities of technology
security matters. Working with risk owners to shepherd the risks to conclusion
where possible.
Required Skills and Experience:
- Experience in conducting internal security assessments and reviews,
articulating and documenting information security risks.
- Strong familiarity with security standards, and audit requirements
including NIST CSF, 800-53, ISO 27001, PCI DSS, and SOC 2 Type 2 reports.
- BCM programme governance - the development and maintenance of a strategy
and enabling governance framework, ideally ISO22301 aligned.
- Interpersonal skills are required to interact effectively within the
Enterprise Security group, customers and vendors at a tactical level.
- Agile, self-starter and can prioritise quickly and effectively. Contributes
through the quality, accuracy and timeliness of the tasks/services provided by
self, and quality control of work provided by others.
“Nice To Have” Skills and Experience:
- Hands on experience implementing security within public cloud services
(AWS, Azure, Google).
- Demonstrates a good understanding of the variety of technical security
control concepts, procedures and systems (e.g., Email Security, AV, EDR,
Firewalls).
- Security qualifications i.e., CISSP, CISM.
- Good familiarity with other Enterprise Security organization (can identify
which team fulfils which roles) and a solid grasp of ITIL processes!
**In Return:** You will be a key person to help our leaders focus on the risk that truly
matters. This is a global role with responsibility for responding to
information security needs across the entire Arm corporation!
Accommodations at Arm
At Arm, we want our people to Do Great Things. If you need support or an
accommodation to Be Your Brilliant Self during the recruitment process,
please email accommodations@arm.com. To note,
by sending us the requested information, you consent to its use by Arm to
arrange for appropriate accommodations. All accommodation requests will be
treated with confidentiality, and information concerning these requests will
only be disclosed as necessary to provide the accommodation. Although this is
not an exhaustive list, examples of support include breaks between interviews,
having documents read aloud or office accessibility. Please email us about
anything we can do to accommodate you during the recruitment process.
Hybrid Working at Arm
Arm’s approach to hybrid working is designed to create a working environment
that supports both high performance and personal wellbeing. We believe in
bringing people together face to face to enable us to work at pace, whilst
recognizing the value of flexibility. Within that framework, we empower
groups/teams to determine their own hybrid working patterns, depending on the
work and the team’s needs. Details of what this means for each role will be
shared upon application. In some cases, the flexibility we can offer is
limited by local legal, regulatory, tax, or other considerations, and where
this is the case, we will collaborate with you to find the best solution.
Please talk to us to find out more about what this could look like for you.
Equal Opportunities at Arm
Arm is an equal opportunity employer, committed to providing an environment of
mutual respect where equal opportunities are available to all applicants and
colleagues. We are a diverse organization of dedicated and innovative
individuals, and don’t discriminate on the basis of race, color, religion,
sex, sexual orientation, gender identity, national origin, disability, or
status as a protected veteran.