We're looking for an IT Risk and Compliance Analyst to join our Information Security team as part of our second line of defence function. If you're confident engaging with SMEs, have strong technical skills, and enjoy driving governance through control testing, this could be the right next step.
Your key responsibilities:
Conduct regular testing of security controls under our Information Security Monitoring Plan
Evaluate the effectiveness and suitability of existing controls
Review evidence with first-line teams and escalate issues when needed
Log and track assessments within our GRC platform
Help define remediation strategies and follow them through to closure
Support the development of security policies and contribute to risk analysis
We’re looking for someone who has:
A strong foundation in Cybersecurity – 5+ years' experience, including at least 2 years in control testing
In-depth knowledge of NIST CSF v2 and NIST 800-53 v5
Recognised certifications such as CISA, CISSP, CISM, or CRISC
Solid experience with GRC systems (RSA Archer is a plus)
Excellent communication skills and a proactive, structured approach