GRC Specialist - Associate
Our client is a top-tier global financial services organisation with a history spanning over 400 years. The organisation offers a diverse range of financial services, including banking, leasing, securities, credit cards and consumer finance. It operates through more than 130 offices and employs approximately 80,000 people worldwide across nearly 40 countries.
Role Description:
Our client is seeking a 1st Line of Defence - GRC Specialist at the Associate level who has a strong passion for Information Security risk management and is interested in building a career at a fast-growing and reputable Bank.
As an Associate within GRC, you will play a vital role in protecting the organisation's information assets by conducting comprehensive risk assessments, collaborating with stakeholders, and driving process improvements. Reporting to the Head of Security Risk Assessments, you will help shape the bank's security risk management practices and ensure compliance with internal and external standards.
Role Objectives
* Conduct information security risk assessments for new and existing applications, clients, and regulatory requests.
* Collaborate with IT, business, and compliance teams to identify, assess, and mitigate security risks.
* Continuously improve risk management processes and leverage technology to enhance efficiency.
* Communicate risks and controls effectively to technical and non-technical stakeholders; assist stakeholders with understanding assessment control questions and identifying compensating controls.
* Maintain and update security policies and procedures; educate stakeholders on changes.
* Support remediation and acceptance of identified risks in consultation with senior team members.
* Understand information security controls and associated risks, and articulate the risks and controls to both technical and business stakeholders.
* Thoroughly understand the various security risk management policies and procedures to perform risk assessments and to educate new/existing stakeholders when policies and procedures change.
* Simplify and explain risks associated with control gaps by articulating technical controls, risks, impacts and likelihood in business and layman's terms.
* Support risk management tooling such as assessment tools and the risk register.
Qualifications and Skills
* Strong understanding of information security principles, risk assessment methodologies, and regulatory requirements.
* Basic knowledge of commonly used banking applications, operating systems, and databases.
* Basic knowledge of cloud-based applications and tools.
* Basic knowledge of cyber security and information security best practices and industry frameworks, e.g., NYS DFS Cybersecurity Regulation, GLBA, CCPA/CPRA, ISO 27001, NIST CSF/800-53, Centre for Internet Security (CIS) Controls.
* Strong verbal and written communication skills.
* Ability to demonstrate a self-motivated and disciplined approach to learning and working.
* Ability to work in a team environment and demonstrate leadership skills when needed.
* Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects, and goals.