GRC specialist - United Kingdom - Morgan Philips Group

    Morgan Philips Group
    Morgan Philips Group United Kingdom

    Description

    GRC specialist (Governance, Risk Compliance)

    I am working with a professional services client based in Central London who is looking for a GRC specialist to join the governance, risk and compliance function within their global team. This is a fast-paced environment where you will be exposed to different environments and gain further experience within this field.

    Experience

    • Vendor Security Assessments. Solid hands-on experience performing end-to-end vendor security risk assessments/reviews (full life cycle); at least 2 years of experience needed.
    • Client/Customer Security Questionnaires. Experience responding to client/customer security questionnaires regarding the security posture of the company.
    • Security Risk. Experience with security risk management, including inherent risk, residual risk, risk matrices, risk statements and risk registers.
    • Technical Understanding of Security Controls. Very good technical understanding of security controls, especially in relation to ISO 27001, including but not limited to web application penetration testing, web application firewalls, SOC 2 Type II and security certifications. The ability to explain security controls clearly to the business in simple terms.
    • Communication. Excellent oral and written communication skills with internal staff at all levels, including senior stakeholders.
    • Respond to client security questionnaires, RFPs/RFIs and audit requests.
    • Perform third-party vendor security due diligence, liaise with business stakeholders to perform assessments and identify risk, and monitor the activities of existing vendors.
    • Respond to and maintain the GRC service queue (ServiceNow) for tickets escalated to the team.
    • Any experience with the OneTrust GRC tool or similar would be useful.

    Education

    • Bachelor's degree, whether in Information Security, Computer Science or a related area.
    • Industry-recognised security certification such as CISSP, CISA, CISM, CRISC or ISO.

    This is a permanent role based in Central London. The role offers hybrid working, which includes attending the office on a weekly basis as well as some remote working. The salary on offer is £70,000 - £85,000 dependent on experience. The client will only consider those who have the right to work in the UK and will not provide any sponsorship.