Junior Governance, Risk and Compliance Analyst
Join Musgrave, a long‑standing family‑owned business that serves communities across Ireland and Spain. This role focuses on Information Security Governance, Risk and Compliance (GRC) and supports our data protection, GDPR, NIS2, and cyber risk commitments.
What You’ll Be Doing
* Support the GRC team in maintaining and maturing the third‑party management governance framework.
* Manage day‑to‑day activities, including mailbox, third‑party, and supplier risk management.
* Execute phishing awareness campaigns, training, and corrective actions.
* Coordinate the Risk Working Committee, ensuring IT risks are logged and mitigated.
* Report incidents for IT risk and GDPR breach notifications under NIS2, AI, & GDPR compliance.
* Deliver scheduled GRC governance controls and reviews, continuously assessing the risk register.
* Engage with business owners for onsite audits of third‑party relationships.
* Provide incident support to the Information team.
* Assist with audits and testing reports to ensure compliance with security policies and processes.
* Support internal phishing campaigns, security announcements, and awareness training.
* Monitor compliance across Musgrave, reviewing third‑party assessment questionnaires & DPIAs.
* Advise business areas on security and data protection, supporting data protection projects.
* Create management information, communications, and ad‑hoc reporting.
* Maintain policies and procedures related to Security & Privacy.
* Identify and manage IT and cyber security risks efficiently.
Focused on IT & Cyber Risk
* Conduct technical and procedural assessments of systems, applications, and business activities.
* Define IT & Cyber security requirements and controls for new transformation initiatives.
* Assess vendors from an IT risk perspective.
* Govern security policies and standards, ensuring compliance with ISO 27001, NIST, GDPR, PCI DSS, etc.
* Manage regular risk assessments and testing across the organisation.
* Assist in governance of IT risk, risk register, and exposure management.
* Promote a strong security and risk culture aligned with strategic and commercial goals.
Focused on Compliance
* Assess and report on internal compliance with company policies.
* Liaise with the Data Protection Team for GDPR compliance and third‑party management.
* Support administration of policies, privacy, governance, risk management, third‑party vendors, and compliance frameworks.
* Engage with regulatory authorities, e.g., DPC, on personal data breach reporting and investigations.
* Support with PCI compliance and attestation activities.
What We’re Looking For
* Ethical, impartial, and aware of non‑compliance reporting.
* Confidentiality management skills.
* Team‑oriented, supporting colleagues when needed.
* Resilient self‑starter with strong workload management.
* Analytical, diagnostic, and problem‑solving skills.
* Timely delivery of work.
* Strong presentation and communication skills, including training delivery.
* Relevant IT, Privacy or Security certification, or third‑level qualification.
* Equivalent work‑related experience.
What we Offer
* Career Development – opportunities for advancement and learning.
* Collaborative Environment – impactful teamwork.
* Innovation Focus – forward‑thinking solutions.
* Community Focus – positive community impact.
* Legacy – part of a company with a long commitment to innovation and community.
Ready to make an impact? Apply now and join a forward‑thinking company that values your expertise and vision.
Musgrave is an equal opportunities employer. We encourage applications from diverse candidates and are happy to make accommodations during the interview process. We operate a Work‑Smart hybrid working model, alternating time between in‑office and remote work.
#J-18808-Ljbffr