We are seeking a GRC (Governance, Risk, and Compliance) Analyst to join our client's security team in Dublin. This role will be crucial in a fast-paced environment where you'll be responsible for ensuring our security posture aligns with key regulatory frameworks and industry best practices. The ideal candidate will have deep expertise in ISO 27001, NIST, and DORA.
Responsibilities
* Compliance & Governance: Lead the implementation and maintenance of security frameworks, specifically ISO 27001, NIST CSF, and the new DORA regulation.
* Risk Management: Conduct detailed risk assessments and gap analyses to identify vulnerabilities and compliance gaps against specified frameworks.
* Audits: Coordinate and support internal and external audits, including preparing evidence and documentation for auditors. You will be the point of contact for audit inquiries.
* Policy & Procedure: Develop, update, and manage security policies, standards, and procedures to ensure they align with the latest regulatory requirements.
* Reporting: Create and present clear, actionable reports on our compliance status, risk posture, and remediation efforts to both technical teams and senior leadership.
* Remediation: Track and facilitate the remediation of identified control gaps, collaborating with various teams to ensure timely resolution.
Skills & Qualifications
* Experience: At least 3-5 years of experience in a GRC, information security, or IT audit role.
* Technical Expertise: A comprehensive and practical understanding of ISO 27001 and its implementation. Experience with NIST frameworks (e.g., CSF, SP 800 series) is essential.
* DORA Knowledge: A strong understanding of the Digital Operational Resilience Act (DORA) is a key requirement. You must know what it entails and how to apply it within a financial or IT services organization.
* Certifications (Preferred): Relevant professional certifications are highly desirable, such as ISO 27001 Lead Implementer/Auditor, CRISC, CISA, or CISSP.
* Communication: Excellent communication and stakeholder management skills. You must be able to translate complex security and compliance requirements into a business context for non-technical audiences.
* Problem-Solving: Strong analytical and problem-solving abilities, with meticulous attention to detail.