Security Governance Risk & Compliance Analyst
Posted:

- Location: United Kingdom
- Job type: Permanent
Reports to: Darren Allen - DPO

Job purpose: To ensure that new and current projects protect the confidentiality, integrity and privacy of our data by leveraging risk analysis, governance, compliance, industry best practices, and global privacy knowledge.

Accountabilities: The SGRC Analyst will:

- Act as the first point of contact and consultation for any stakeholders in the business teams launching new efforts, providing innovative thinking on the best ways to protect privacy and security, ensuring governance and compliance and mitigating risks during the planning, researching, and designing phases.
- Review global privacy standards and give guidance to maintain compliance for a widening base of international products and ensure best practices are captured and followed.
- Document processes/workflows to identify gaps and provide process enhancement recommendations.
- Review and understand existing agreements, contractual arrangements and standards to identify and remediate challenges.
- Perform periodic gap assessments to validate governance & compliance on an ongoing basis.
- Perform annual reviews and support internal and external audit process for relevant compliance and assurance concerns.
- Partner with the production, development and other teams to ensure they make the right decisions when handling data, including customer data.
- Support vendor due-diligence process and help to lead and define overall third party risk management efforts.
- Perform business impact analysis and assist with development and management of the risk register.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
- Represent privacy function when DPO is unavailable.
- Assist DPO with onboarding of new starters with GDPR induction.

Key relationships:

- Security Director
- DPO
- People & Development Team
- Marketing Team
- Commercial/Business Teams
- Engineering

Skills and attributes:

Essential

- Experience in Cyber Security, Privacy, Governance, Risk & Compliance is preferred; however, any combination of experience, education, or certification that demonstrates the candidate can be successful in information security and/or IT risk management with a focus on security, governance, risk and compliance.
- Critical thinking, synthesis, analytical skills, and superb reading comprehension.
- Excellent organisational, communication and presentation skills; as well as business acumen and a commercial outlook.
- The ability to multitask in a fast-paced environment.
- The ability to grasp concepts quickly, make sound decisions and resolve issues completely.
- Knowledge of compliance, governance & risk assessment frameworks/processes.
- Proficiency in data manipulation and analysing large amounts of data from multiple data sources.

Desirable

- Strong experience in Information Security, Governance, Risk & Compliance
- Previous experience in GDPR and Global Privacy
- Relevant industry certifications

Benefits: We offer a range of well-being initiatives, including private medical insurance, excellent parental leave, a working globally policy, mental health support, assistance programs, and social gatherings. We also provide a pension scheme and various other benefit schemes. Plus, we all get our birthdays off work and enjoy 25 days of holiday per year. We’ve also got you covered with life assurance and exclusive perks like the Star card and our Step Further Awards (our employee recognition program) to recognise your dedication. For those working via the hybrid model (in the office and at home) we’ve made commuting easier with our Season Ticket Loan and Cycle to Work Scheme. You can also take advantage of complimentary access to our Racing Post Members Club, complete with an Ultimate Membership.
We believe in making a positive impact beyond the workplace, and you'll have the chance to volunteer two days per year with our charity partner, .