GRC Analyst

About Us

GRC Analyst

Responsibilities

• Assist in the development, implementation, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO 27001 standards.
• Monitor and ensure compliance with ISO 27001, making sure controls are in place and effectively operating across the organization. Conduct regular assessments to ensure adherence to regulatory, contractual, and internal security requirements.
• Coordinate internal audits and provide support for external ISO 27001 audits. Prepare documentation, assist with gathering evidence, and address findings to ensure timely closure of audit actions.
• Maintain and update ISMS documentation, policies, and procedures. Ensure that security controls, risk assessments, and audit records are accurately documented and up to date.
• Support the delivery of security awareness and training programs related to ISO 27001 standards. Foster a culture of security awareness across the organization.
• Support incident response processes and prepare crisis management plans, ensuring incidents are logged, analyzed, and resolved. Participate in root cause analysis and implement corrective actions to prevent recurrence.
• Collaborate with cross-functional teams to identify, assess, and prioritize security risks. Assist in developing risk mitigation strategies and track the progress of risk treatment plans.
• Proactively identify opportunities to enhance the ISMS framework, suggesting improvements to policies, processes, and tools to ensure they are efficient and effective.
  

Requirements

• Minimum of 2 years in Governance, Risk, and Compliance (GRC) roles, with a focus on ISMS and ISO 27001.
• Bachelor’s degree in Information Security, Computer Science, Business Administration, or a related field (preferred).
• Excellent analytical and problem-solving skills.
• Strong understanding of regulatory requirements and industry standards related to information security.
• Proficiency in risk assessment methodologies and risk management practices.
• Strong communication and interpersonal skills.
• Ability to work effectively both independently and as part of a team.
• Experience with security incident response and crisis management.
• Familiarity with data protection regulations and privacy laws.
• Certification in ISO 27001 Lead Auditor or Lead Implementer (preferred).
• Experience in developing and delivering security awareness training programs.
  

Benefits

• Competitive salary and performance-based bonuses.
• Professional development opportunities, including training and certifications.
• Flexible working hours.
• Collaborative and inclusive work environment.
• Opportunity to work with a passionate team dedicated to making a difference in data privacy and security.