
GRC Analyst

Cork
Musgrave
Analyst
€80,000 - €100,000 a year
Posted: 11h ago
Offer description

Governance, Risk & Compliance Analyst

Musgrave is one of Europe’s most successful family‑owned businesses, with a rich 150‑year legacy in food and brand innovation. We are proud to serve communities across Ireland and Spain, feeding one in three people every day through 18 iconic brands such as SuperValu, Centra, Mace, Frank and Honest, and Musgrave MarketPlace. By supporting thousands of retail and food‑service family businesses, we make a positive impact on the communities we serve. We are committed to becoming the most trusted and sustainable business in Ireland, and we are looking for dynamic, forward‑thinking individuals to join us on this journey.


What You’ll Be Doing

* Develop, update, implement, and maintain a Governance, Risk, and Compliance framework.
* Develop supporting policies, procedures, standards, and technologies across the company to implement the framework.
* Define RFP security requirements and act as a security specialist for IT and business projects.
* Evaluate new third parties and engage with business owners of third‑party relationships in respect of onsite audits.
* Manage the pipeline of activity through the project demand process, ensuring projects are assessed for exposure correctly.
* Conduct onsite audits of third parties to determine their compliance with information‑security best practices and relevant contract clauses.
* Oversee and assist in the scoping, completion, and implementation of recommendations arising from third‑party information‑security reviews.
* Support the business, IT, and Information Security Team during internal and external audits.


IT & Cyber Risk

* Conduct technical and procedural assessments of the company’s systems, applications, and business activities as requested by the Information Security GRC Manager, followed by formal reporting and tracking of remediation activities.
* Define IT & Cyber security requirements and controls for new transformation activities.
* Assess vendors from an IT risk point of view.
* Governance and application of our security policies and standards.
* Ensure compliance with relevant frameworks and regulations (ISO 27001, NIST, GDPR, PCI DSS, etc.).
* Manage and conduct regular risk assessments and control effectiveness testing across the organization.
* Assist in governance, managing IT risk, the risk register and related exposure management activities.
* Promote and foster a strong security and risk culture, ensuring we meet our strategic and commercial goals.


Compliance

* Assess and report on internal compliance with company policies and standards.
* Liaise with the company’s Data Protection Officers regarding GDPR compliance and third‑party management.
* Support activities related to the administration of policies and processes, privacy, governance, and risk management program, third‑party vendors, and compliance frameworks.
* Support engagement with regulatory authorities, such as the Data Protection Commission (DPC), on personal data breach reporting, complaints, and investigations.
* Monitor compliance across Musgrave and review documentation that evidences this, such as Third‑Party Assessment questionnaires and Data Protection Impact Assessments (DPIAs).
* Assist in PCI compliance and attestation activities.


GRC Team Supporting Activities

* Maintain and mature the existing third‑party management governance framework.
* Manage day‑to‑day activities such as mailbox management.
* Manage day‑to‑day activities related to third‑party and supplier risk.
* Manage day‑to‑day execution of phishing awareness and corrective actions, including employee training and awareness.
* Manage day‑to‑day execution of the Risk Working Committee (RWC), ensuring IT risks are captured, logged, and stakeholders engaged.
* Manage day‑to‑day incident reporting for IT risk and GDPR breach notifications.
* Support the GRC resources in meeting compliance obligations such as NIS2, AI, GDPR.
* Execute and develop scheduled GRC governance controls and reviews.
* Conduct continuous assessment and review of the risk register, supporting the GRC resources.
* Engage with business owners of third‑party relationships in respect of onsite audits.
* Support the Information team during incidents.
* Assist with audits and testing reports to ensure compliance with security policies and processes.
* Support activities related to internal phishing campaigns, security announcements, and awareness training.
* Leverage and liaise with the GRC team to provide security and data protection advice to business areas across the group.
* Produce management information, communications, and ad‑hoc reporting as required.
* Maintain policies and procedures related to security and privacy.
* Identify and manage IT and cyber security risks in an effective and efficient manner.


What We’re Looking For

* Privacy / Security certification such as IAPP, CDPP, CIPP, CISSP, or third‑level qualification.
* Equivalent work‑related experience.
* A strong understanding of security and data protection regulations, directives, standards, and guidelines.
* Experience in IT controls, risk assessments, or data protection obligations.
* Experience defining and implementing controls to support frameworks & regulations such as NIS, AI, GDPR, ISO 27001.
* Experience managing relationships with internal stakeholders and engaging with regulators such as the Data Protection Commission.
* Ethical, with the ability to remain impartial and report all non‑compliance.
* Ability to handle confidential information.
* Proven ability to function in a team environment, supporting team members when needed.
* A resilient self‑starter who can manage workloads comprehensively while ensuring business objectives are met.
* Analytical, diagnostic, and problem‑solving skills.
* Timely delivery.
* Good skills in presenting information (graphic, written, oral, including delivery of training).


What We Offer or Why Musgrave

* Career Development: With a commitment to your personal and professional growth, Musgrave offers numerous opportunities for advancement and learning.
* Collaborative Environment: Work alongside a passionate team, where your contributions will make a significant impact.
* Innovation Focus: Be part of a company that values forward‑thinking solutions.
* Community Focus: Be part of a company that truly values its communities and strives to make a positive impact.
* Legacy: Join a company with a long‑standing commitment to community and innovation.

Musgrave is an equal opportunities employer. We encourage applications from diverse candidates. If we can make any accommodations to enable you to be the best version of yourself during the interview, please let us know.

Musgrave operates a Work‑Smart hybrid working model where you can alternate your time between connecting and collaborating in the business and working remotely.


© 2025 Jobijoba - All Rights Reserved
