Governance, Risk and Compliance Analyst Join Our Family at Musgrave Musgrave is one of Europes most successful family-owned businesses, with a rich 150-year legacy in food and brand innovation. We're proud to serve communities across Ireland and Spain, feeding one in three people every day through 18 iconic brands like SuperValu, Centra, Mace, Frank and Honest, and Musgrave MarketPlace. By supporting thousands of retail and foodservice family businesses, we make a positive impact on the communities they serve. We're committed to becoming the most trusted and sustainable business in Ireland, and we're looking for dynamic, forward-thinking individuals to join us on this journey. As we continue our journey toward becoming Irelands most trusted and sustainable business, we have an exciting opportunity for a successful candidate to join our team as an Governance, Risk and Compliance Analyst. As an organization our success ultimately depends on our customers trust in us. Our reputation and success depend on our ability to effectively secure our data and our customers information, whilst meeting our compliance obligations with the General Data Protection Regulations (GDPR). In Musgrave we are continuously looking to enhance our security and privacy posture to ensure our retail, online, applications and data are secured whilst supporting a broad set of customers, retailers, and supplier interactions as seamlessly and conveniently as possible. This is an excellent opportunity for innovative and motivated people with excellent communication skills and an experience in Information Security, Governance, IT risk and Compliance to hone their skills and elevate their careers with Irelands largest private sector employer. The Information Security - GRC Team are a specialized team that focuses on Governance, IT Risk and Compliance activities to support Musgrave Strategic & commercial objectives, including execution of DPO duties. We are seeking two key individuals to support the team with the necessary skills focused on either IT & Cyber Risk or Data protection and regulation experience. These roles will be heavily involved (but not limited) in the Musgrave IT transformation agenda, assessing, securing and ensuring we are meeting our compliance obligations for new projects and systems. Applicants should have a strong background and experience in both areas or extensive experience in either IT & Cyber Risk or Data protection and regulation experience What youll be Doing The Cyber & GRC Analyst (cGRC) is responsible for supporting the wider Information Security - GRC team in: GRC Transform Activities: Develop, update, implement, and maintain a Governance, Risk, and Compliance framework. Develop supporting policies, procedures, standards, and technologies across the company and its various divisions and business enterprises to implement the framework. Define RFP security requirements and act as a security specialist for IT and Business projects. Evaluation of new third parties and engage with business owners of third-party relationships in respect of onsite audits. Manage the Pipeline of activity through the project demand process, ensuring project are assessed for exposure correctly, Information Security resource Conduct onsite audits of third parties to determine their compliance with information security best practices and, where relevant, security controls in contract clauses. Oversee and assist in the scoping, completion, and implementation of recommendations arising from third-party information security specialist and/or external audit reviews. Support the business, IT, and Information Security Team during internal and external audits. IT & Cyber Risk Conduct technical and procedural assessments of the company's systems, applications, and business activities as requested by the Information Security GRC Manager, followed by formal reporting and tracking of remediation activities to completion. Defining IT & Cyber security requirements and controls for new transformation activities. Assessing vendors from an IT risk point of view. Governance and application of our Security policies, standards. Ensure compliance with relevant frameworks and regulations (ISO 27001, NIST, GDPR, PCI DSS, etc.). Manage and conduct regular risk assessments and control effectiveness testing across the organisation. Assist in governance, managing IT Risk, the risk register and related exposure management activities. Promote and foster a strong security and risk culture, promoting appropriate controls and mitigation while ensuring we meet our strategic & commercial goals. Compliance Assess and report on internal compliance with company policies and standards. Liaise with the company's Data Protection Officers in relation to GDPR compliance and third-party management. Support activities related to the administration of policies and processes, privacy, governance, and risk management program, third-party vendors, and compliance frameworks. Support with the engagement with the relevant regulatory authorities, for example, the Data Protection Commission (DPC) on personal data breach reporting, complaints, and investigations. Monitoring compliance across Musgrave and reviewing documents that evidence this, such as Third-Party Assessment questionnaires and Data Protection Impact Assessments (DPIAs). Supporting the Information Security & Privacy team as required in identifying and managing IT and cyber security risks in an effective and efficient manner. Assist in PCI compliance and attestation activities. GRC Team Supporting Activities: Maintain and mature the existing third-party management governance framework. Managing the day-to-day activities such as mailbox management. Managing the day-to-day activities related to 3rd party and supplier risk Manage the day-to-day execution of our phishing awareness and corrective actions, including employee training and awareness. Manage the day-to-day execution of the RWC (Risk Working Committee), ensuring IT risks and captured, logged and IT stakeholders engaged in their mitigation. Manage the day-to-day incident reporting for both IT risk and GDPR breach notifications. Support the GRC resources in their duties to meet compliance obligations such as NIS2, AI, GDPR. Execution and development of the scheduled GRC scheduled governance controls and reviews. Continuous Assessment & review of the risk register, supporting the GRC resources in their duties. Engage with business owners of third-party relationships in respect of onsite audits. Support the Information team during an incident. Assist with audits and testing reports to ensure compliance with security policies and processes. Support activities related to internal phishing campaigns, security announcements, and awareness training. Monitoring compliance across Musgrave and reviewing documents that evidence this, such as Third-Party Assessment questionnaires and Data Protection Impact Assessments (DPIAs). Leverage and liaise with the GRC team to provide security and data protection advice to business areas across the group, including supporting data protection projects across the organisation. Producing management information, communications, and ad-hoc reporting as required. Maintaining Policies and Procedures related to Security & Privacy. Supporting the Information Security & Privacy team as required in identifying and managing IT and cyber security risks in an effective and efficient manner. What were looking for Privacy / Security certification such as IAPP, CDPP, CIPP, CISSP, or third level qualification Equivalent work-related experience A strong understanding of Security and Data Protection regulations, directives, standards, and guidelines. Experience in IT Controls, Risk Assessments or Data Protection obligations. Experience in defining and implementing controls to support framework & regulations such as NIS, AI, GDPR, IOS27001 Experience in managing relationships with internal stakeholders and engaging with regulators such as the Data Protection Commission. Ethical, with the ability to remain impartial and report all noncompliances Ability to handle confidential information Proven ability to function in a team environment, supporting team members when needed. A resilient self-starter that can manage their workloads in a and comphrensive manner while ensuring they meet the business objectives. Analytical, diagnostic, and problem-solving skills Timely delivery Good Presentation of information skills (graphic, written, and oral including delivery of training) What we Offer or Why Musgrave: Career Development: With a commitment to your personal and professional growth, Musgrave offers numerous opportunities for advancement and learning. Collaborative Environment: Work alongside a passionate team, where your contributions will make a significant impact Innovation Focus: Be part of a company that values forward-thinking solutions Community Focus: Be part of a company that truly values its communities and strives to make a positive impact. Be Part of a Legacy: Join a company with a long-standing commitment to community and innovation. Ready to make an impact? Apply now and be part of a forward-thinking company that values your expertise and vision. Musgrave is an equal opportunities employer. We encourage applications from diverse candidates. If we can make any accommodations to enable you to be the best version of yourself during the interview, please let us know. Musgrave operate a Work Smart hybrid working model where you can alternate your time between connecting and collaborating in the business and working remotely.