Audit Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
-
As a Senior GRC Analyst you will be responsible to assist Equiti Group in navigating security and cyber risk, governance, and maturity within the context of the business and the threats Equiti face. Your role encompasses conducting gap analysis and risk assessments across various information security frameworks like ISO 27001, PCI DSS and NIST. Ensuring information risks are addressed with stakeholders at all levels is crucial. Additionally, you'll implement compliance and audit frameworks while presenting security advice to key business stakeholders.
Responsibilities
- Develop and maintain an Information Security Governance framework, ensuring alignment with the organization's overall governance structure.
- Collaborate with Chief Information Security Officer, GRC Manager and senior management to establish and monitor information security policies, procedures, and standards.
- Facilitate regular security governance meetings and provide updates to senior management.
- Identify, assess, and prioritize information security risks.
- Develop and manage a comprehensive risk management program, including risk assessment methodologies and risk treatment plans.
- Work with business units to implement risk mitigation strategies and monitor their effectiveness.
- Conduct regular information security risk assessments and report findings to GRC Manager and senior management.
- Ensure compliance with relevant information security laws, regulations, and industry standards (e.g., GDPR, ISO 27001, PCI DSS, COBIT).
- Develop and maintain information security compliance policies, procedures, and controls.
- Coordinate and oversee information security compliance audits and assessments.
- Keep abreast of regulatory changes and update information security compliance programs accordingly.
- Develop and manage a centralized information security policy framework.
- Collaborate with stakeholders to establish, review, and update information security policies and procedures as needed.
- Ensure information security policies are communicated, understood, and adhered to throughout the organization.
- Prepare and present regular reports on information security GRC activities to senior management and relevant committees.
- Maintain accurate and organized records of information security governance, risk, and compliance activities.
- Evaluate and manage third-party information security risks and relationships.
- Establish vendor risk assessment processes and criteria.
-
Skills & Competencies
- Strong knowledge of information security governance, risk management, and compliance principles, practices, and regulations.
- Excellent communication, leadership, and negotiation skills.
- Analytical and problem-solving abilities.
-
Experience Requirements
- Bachelor's degree in Information Security, Cybersecurity, Business, or a related field (Master's degree preferred).
- Relevant professional certifications, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or Certified Compliance and Ethics Professional (CCEP).
- Several years of experience in information secur
Employment Type
Full Time
