Junior Governance, Risk and Compliance Analyst. Join Our Family at Musgrave Musgrave is one of Europes most successful family-owned businesses, with a rich 150-year legacy in food and brand innovation. We're proud to serve communities across Ireland and Spain, feeding one in three people every day through 18 iconic brands like SuperValu, Centra, Mace, Frank and Honest, and Musgrave MarketPlace. By supporting thousands of retail and foodservice family businesses, we make a positive impact on the communities they serve. We're committed to becoming the most trusted and sustainable business in Ireland, and we're looking for dynamic, forward-thinking individuals to join us on this journey. As we continue our journey toward becoming Irelands most trusted and sustainable business, we have an exciting opportunity for a successful candidate to join our team as an Junior Governance, Risk and Compliance Analyst. As an organization our success ultimately depends on our customers trust in us. Our reputation and success depend on our ability to effectively secure our data and our customers information, whilst meeting our compliance obligations with the General Data Protection Regulations (GDPR). In Musgrave we are continuously looking to enhance our security and privacy posture to ensure our retail, online, applications and data are secured whilst supporting a broad set of customers, retailers, and supplier interactions as seamlessly and conveniently as possible. This is an excellent opportunity for innovative and motivated people with excellent communication skills and an interest in Information Security, Governance, IT risk and Compliance to develop their skills and build a career with Irelands largest private sector employer. What youll be Doing The Cyber & GRC Analyst (Governance, Risk and Compliance Analyst) is responsible for supporting the Information Security - GRC team in: GRC Perform Activities: Maintain and mature the existing third-party management governance framework. Managing the day-to-day activities such as mailbox management. Managing the day-to-day activities related to 3rd party and supplier risk Manage the day-to-day execution of our phishing awareness and corrective actions, including employee training and awareness. Manage the day-to-day execution of the RWC (Risk Working Committee), ensuring IT risks and captured, logged and IT stakeholders engaged in their mitigation. Manage the day-to-day incident reporting for both IT risk and GDPR breach notifications. Support the GRC resources in their duties to meet compliance obligations such as NIS2, AI, GDPR. Execution and development of the scheduled GRC scheduled governance controls and reviews. Continuous Assessment & review of the risk register, supporting the GRC resources in their duties. Engage with business owners of third-party relationships in respect of onsite audits. Support the Information team during an incident. Assist with audits and testing reports to ensure compliance with security policies and processes. Support activities related to internal phishing campaigns, security announcements, and awareness training. Monitoring compliance across Musgrave and reviewing documents that evidence this, such as Third-Party Assessment questionnaires and Data Protection Impact Assessments (DPIAs). Leverage and liaise with the GRC team to provide security and data protection advice to business areas across the group, including supporting data protection projects across the organisation. Producing management information, communications, and ad-hoc reporting as required. Maintaining Policies and Procedures related to Security & Privacy. Supporting the Information Security & Privacy team as required in identifying and managing IT and cyber security risks in an effective and efficient manner. Focused on IT & Cyber Risk Conduct technical and procedural assessments of the company's systems, applications, and business activities as requested by the Information Security GRC Manager, followed by formal reporting and tracking of remediation activities to completion. Defining IT & Cyber security requirements and controls for new transformation activities. Assessing vendors from an IT risk point of view. Governance and application of our Security policies, standards. Ensure compliance with relevant frameworks and regulations (ISO 27001, NIST, GDPR, PCI DSS, etc.). Manage and conduct regular risk assessments and control effectiveness testing across the organisation. Assist in governance, managing IT Risk, the risk register and related exposure management activities. Promote and foster a strong security and risk culture, promoting appropriate controls and mitigation while ensuring we meet our strategic & commercial goals. Focused on Compliance Assess and report on internal compliance with company policies and standards. Liaise with the company's Data Protection Team in relation to GDPR compliance and third-party management. Support activities related to the administration of policies and processes, privacy, governance, and risk management program, third-party vendors, and compliance frameworks. Support with the engagement with the relevant regulatory authorities, for example, the Data Protection Commission (DPC) on personal data breach reporting, complaints, and investigations. Monitoring compliance across Musgrave and reviewing documents that evidence this, such as Third-Party Assessment questionnaires and Data Protection Impact Assessments (DPIAs). Supporting the Information Security & Privacy team as required in identifying and managing IT and cyber security risks in an effective and efficient manner. Assist in PCI compliance and attestation activities. What were looking for Ethical, with the ability to remain impartial and report all noncompliances Ability to handle confidential information Proven ability to function in a team environment, supporting team members when needed. A resilient self-starter that can manage their workloads in a and comphrensive manner while ensuring they meet the business objectives. Analytical, diagnostic, and problem-solving skills Timely delivery Good Presentation of information skills (graphic, written, and oral including delivery of training) IT, Privacy or Security certification or third level qualification Equivalent work-related experience What we Offer or Why Musgrave: Career Development: With a commitment to your personal and professional growth, Musgrave offers numerous opportunities for advancement and learning. Collaborative Environment: Work alongside a passionate team, where your contributions will make a significant impact Innovation Focus: Be part of a company that values forward-thinking solutions Community Focus: Be part of a company that truly values its communities and strives to make a positive impact. Be Part of a Legacy: Join a company with a long-standing commitment to community and innovation. Ready to make an impact? Apply now and be part of a forward-thinking company that values your expertise and vision. Musgrave is an equal opportunities employer. We encourage applications from diverse candidates. If we can make any accommodations to enable you to be the best version of yourself during the interview, please let us know. Musgrave operate a Work Smart hybrid working model where you can alternate your time between connecting and collaborating in the business and working remotely.