GRC Specialist
Milton Keynes (GBR)
DS Smith
DS Smith is an international packaging company, offering sustainable, plastic-free packaging, integrated recycling services, and sustainable paper products. The role will involve Digital Security and Information & Technology (I&T) Governance, Risk and Compliance (GRC) awareness, culture, simulations, supplier security assurance, policies, standards, and risk management.
Reporting to the I&T Governance and Risk Lead, the GRC specialist will support:
Digital security awareness and culture activities including driving ethical phishing and e-learning campaigns.
Specification and facilitation of cyber scenario simulations.
Supplier security assurance activities.
Provision of digital security and technology risk advice and guidance.
Facilitation and support of IT risk management processes and continuous improvement.
The GRC Specialist will address tasks as assigned by the GRC team and take ownership of aspects of the risk process, supplier review and awareness campaigns, including monitoring and insights driven by analysis of related data and MI. You will have experience of delivering and working within digital security control frameworks such as ISO27001, NIST CSF and CIS.
As the successful candidate, you will demonstrate strong analytical and problem-solving skills, the ability to communicate and present information in multiple ways (e.g., written, verbal, preparation of presentations), and a career goal in the field of digital security and technology risk management. You will develop, roll out and manage digital security awareness campaigns across not just the DS Smith Digital Security team but also the wider business, which includes ethical phishing support and administration.
The GRC Specialist will build effective working relationships across I&T, business stakeholders and external stakeholders as the SME and specialist within GRC. This role may include periodic planned travel, ‘on-site’ visits in support of the business engagement outlined.
About you
Knowledge and experience working with information security standards and frameworks such as ISO, NIST, ISF SOGP, Cyber Essentials, etc.
Ability to communicate clearly and effectively across all management levels of the company, particularly when articulating complex IT concepts to non-IT stakeholders.
Knowledge and experience managing and executing risk and control processes in line with industry good practice.
Experience tracking internal and external audit actions, and supporting stakeholder liaison to drive actions to closure.
Effective time management skills and ability to juggle several tasks and conflicting priorities.
Tertiary academic or vocational qualification in a relevant field, or equivalent work experience/professional accreditations.
Professional certifications such as CISSP, CISA, CRISC would be advantageous.
Benefits
Competitive salary
Company bonus
Pension scheme
Life assurance
Income protection
25 days holiday plus bank holidays
Electric Car/Bike Scheme
Tags: CISA CISSP Compliance CRISC Governance ISO 27001 Monitoring NIST Risk management
Perks/benefits: Career development Competitive pay Salary bonus