GRC Analyst
India
Twinings
Application Deadline: 12 July 2024
Department: BizTech
Employment Type: Permanent - Full Time
Location: India
Description
Great People Work Here
Are you searching for a career with bags of variety, in an environment that celebrates differences and empowers collaboration, which values individuals and will encourage you to make an impact? Do you want the freedom to explore, and the opportunities to find new ways and to innovate? If so, TwiningsOvo delivers.
We’re looking for people who don’t just come here to get the job done, but who have a real passion for the brand and a desire to do the best job they can. In return, we offer an inspiring package of employee benefits - to show just how much we value you. This role will offer you the scope for growth and the tools to aim high.
The Security Governance, Risk and Compliance (GRC) Analyst requires an individual with initiative, drive and ambition to help deliver the future cyber risk and compliance strategy at ABF. This is a highly autonomous role that benefits from close interaction with senior leadership across ABF. The role will report to the GRC Manager and be responsible for delivering compliance assessments against policy, NIST, ISO, etc.; supporting businesses with remediating identified gaps; and providing support, advice, and guidance to help businesses understand and achieve their risk and compliance objectives. They will support ABF group initiatives to help businesses address common areas of risk and avoid any duplication of effort.
Please note that this role is working for Associated British Foods under the trading name of Twinings Ovaltine India.
Key Responsibilities
- Thought leadership, Influence and Deliver Cyber Risk Assurance
- Plan and execute assessments against industry best-practice frameworks (NIST, ISO, etc.) at the businesses.
- Plan and execute compliance assessments of ABF IS policy at the businesses.
- Responsible for holding to account operational areas, owners of risk and suppliers to deliver against the Group Cyber Security (GCS) strategy, programmes, and requirements.
- Support the creation and implementation of an enhanced Cyber Risk Management framework for the group, working closely with the GRC Manager and key stakeholders to support businesses in identifying, assessing, and managing their cyber risks.
- Ensure consistent and continual alignment to the business and GCS strategy through oversight of a Cyber Risk Management framework, activities and processes including all aspects of the metrics/reporting.
- Monitor and drive rollout of the cyber governance, risk, and compliance programme for information security.
- Support the collation of cyber risks for reporting to the board.
- Support maintaining the information security policy set for the group, working closely with the Head of GRC and GRC Manager to continuously improve Group IS policies and guidelines so that they remain current and appropriate.
- Support the adoption and maintenance of a GRC platform.
- Advise on exceptions to ABF information security policies. Track/approve exceptions which impact multiple BUs or present a risk to the group.
- Provide support, advice and guidance to ABF businesses to help them maintain robust IS controls to protect restricted and confidential data.
- Support the businesses in performing post incident reviews for impactful incidents across the group, ensuring that a detailed analysis of root cause, detection, response, and recovery activities is performed appropriately. Help facilitate workshops with the incident response teams to identify areas for improvement, applying lessons learned across the group.
- Support the facilitation of crisis simulations and help the businesses prepare for a major incident.
- Monitor global information security trends, technologies, and regulations to ensure these are considered in Group initiatives and business unit programmes to protect data, working with Group Legal to understand the IS implications of new legislation and supporting businesses to ensure appropriate programmes of work are in place to respond.
- Lead or support ABF group initiatives to help businesses address common areas of risk and avoid a duplication of effort.
Skills, Knowledge and Expertise
- Experience in performing security assessments against frameworks such as ISO27001, NIST CSF, CIS, GDPR etc.
- Experience of risk management principles, implementing risk frameworks and executing security risk assessments based on security best practices (e.g., ISO 27005, ISO3100, etc.) across large, global businesses.
- Good understanding of IS risks, issues and controls associated with IT systems, networks and applications that are commonly encountered within a large global organisation.
- Experience in performing audits over IS processes and controls.
- Ability to develop and coordinate programmes of work across multiple divisions, functions, and business units.
- Proven track record in data security and governance.
- Excellent verbal and written skills, including the ability to draft concise, well written and accurate reports.
- Experience of project delivery processes/methodologies and ensuring data security by design.
- Strong team building, leadership, motivation and communication skills to work as an effective member of the GRC team.
- Previous experience of working with legal, audit and compliance teams.
- Security expert with or working towards industry qualifications (CISSP, CISM, CRISC) or equivalent experience.
Benefits
- Monthly phone bill maximum reimbursement limit is Rs.3000.
- Annual check-up for employee and spouse including Doctor consultation - reimbursement up to INR 15,000.
- Medical Insurance 5 lakhs - Flat Coverage.
- Monthly Broadband Bill Reimbursement - Rs.2000 or on actual whichever is lower.
- Life Term Policy.