Governance Risk and Compliance Analyst

Talogy

Manchester

On-site

GBP 45,000 - 60,000

Full time

Yesterday

Job summary

A leading provider in governance and compliance solutions is seeking a knowledgeable Governance, Risk, and Compliance Analyst. This role focuses on ensuring adherence to industry standards, particularly ISO certifications, and involves collaborating with various stakeholders. With responsibilities spanning from risk assessments to policy development, the ideal candidate should have a strong background in information security and governance. This is a full-time, fixed-term contract based in Manchester, UK with flexible working hours.

Qualifications

  • Strong background in information security or compliance with global engagement.
  • Proven governance capabilities in organizing meetings and managing records.
  • Attention to detail and flexibility in working style.
  • Experience with ISO standards, particularly in a technology context.

Responsibilities

  • Ensure the third-party risk assessment program meets industry standards.
  • Support documentation and maintenance of policies for compliance.
  • Assist in maintaining relevant ISO certifications.
  • Maintain relationships with outsourced service providers.
  • Promote awareness of compliance risks and best practices.

Skills

Information security or compliance experience
Governance experience
Highly organised and reliable
Experience with GRC platforms
Working knowledge of ISO standards
Understanding of data management
Information security management qualifications
Consultancy experience

Tools

Microsoft products

Job description

The Role’s Purpose and Value

The Governance, Risk and Compliance Analyst role works collaboratively with stakeholders across the business on various activities related to quality, environment, risk, data security, privacy and compliance, with the aim of enabling Talogy to comply with ISO, PCI and other industry standard frameworks.

Please note, this is a 1 year fixed term contract working on a full time basis, Monday to Friday, with flexible hours around a standard 0900-1700.

Core Skills and Responsibilities

The daily impact of this role is characterized by (though not limited to) the following core skills and tasks:

  • Responsible for ensuring the third-party risk assessment program is categorised and handled in line with industry standards and best practice, including maintenance of the third-party risk assessment library and annual reviews.
  • Supporting the development, documentation and maintenance of policies, procedures, and standards across the organisation, ranging from information security and data protection to quality management and environmental management.
  • Supporting the continuation of ISO 27001, ISO 9001, ISO 14001, and any other relevant certifications.
  • Supporting the maintenance of Management Committees relevant to the compliance function, including governance related responsibilities.
  • Assisting with ensuring compliance with established key metrics that measure system objectives and provide evidence of compliance for internal and external audits.
  • Assisting with the development of GRC related newsletters and training.
  • Identifying and reporting on gaps related to security and compliance, and carrying out other tasks to support the group’s underlying data and information security processes and infrastructure, ensuring measures are fit for purpose and scaled to deliver an appropriate level of protection.
  • Building and maintaining close relationships with business units and teams to assist with the gathering of information for activities related to BCDR, Security Technical Control Identification and operational procedures.
  • Maintaining close relationships with the providers of any outsourced contracts for services such as annual audits or other third-party contracts.
  • Being a security and compliance champion in promoting and developing awareness of different security and compliance risks and best practices across the company.

Background Requirements and Preferred Experience

The following qualifications and experiences are considered foundational requirements for this role:

  • Information security or compliance experience with a proven ability to engage confidently with Senior Management and staff from all other departments globally.
  • Governance experience – organising meetings / training, writing agendas, taking minutes, managing action logs.
  • Someone who is highly organised, reliable, flexible and has exceptional attention to detail.
  • Experience working with GRC platforms and Microsoft products, and the ability to learn new systems quickly.
  • Experience in working on an ISO standard (preferably ISO 27001, 9001, 14001) – a good knowledge of ISO structures, gathering evidence for audits and gap analysis.
  • A solid understanding of data management plus data and information security, including working knowledge of the latest trends and technologies.
  • Information security management qualifications or similar.
  • Consultancy experience and/or demonstrable experience of providing support to various teams and stakeholders. Background in the technology sector is ideal.