GRC Analyst

India

Twinings

Shop over 200 teas from around the world. Find gifts for all occasions, teaware, accessories and confectionery, as well as recipes, expert advice and more.


Application Deadline: 12 July 2024

Department: BizTech

Employment Type: Permanent - Full Time

Location: India


Description

Great People Work Here

Are you searching for a career with bags of variety, in an environment that celebrates differences and empowers collaboration, which values individuals and will encourage you to make an impact? Do you want the freedom to explore, and the opportunities to find new ways and to innovate? If so, TwiningsOvo delivers.

We’re looking for people who don’t just come here to get the job done, but who have a real passion for the brand and a desire to do the best job they can. In return, we offer an inspiring package of employee benefits - to show just how much we value you. This role will offer you the scope for growth and the tools to aim high.

The Security Governance, Risk and Compliance (GRC) Analyst requires an individual with initiative, drive and ambition to help deliver the future cyber risk and compliance strategy at ABF. This is a highly autonomous role that benefits from close interaction with senior leadership across ABF. The role will report to the GRC Manager and be responsible for delivering compliance assessments against policy, NIST, ISO, etc.; supporting businesses with remediating identified gaps; and providing support, advice, and guidance to help businesses understand and achieve their risk and compliance objectives. The analyst will support ABF group initiatives to help businesses address common areas of risk and avoid any duplication of effort.

Please note that this role is working for Associated British Foods under the trading name of Twinings Ovaltine India. 


Key Responsibilities

  • Thought leadership, Influence and Deliver Cyber Risk Assurance
  • Plan and execute assessments against industry best-practice frameworks (NIST, ISO, etc.) at the businesses.
  • Plan and execute compliance assessments of ABF IS policy at the businesses.
  • Responsible for holding to account operational areas, owners of risk and suppliers to deliver against the Group Cyber Security (GCS) strategy, programmes, and requirements.
  • Support the creation and implementation of an enhanced Cyber Risk Management framework for the group. Working closely with the GRC Manager and key stakeholders to support businesses in identifying, assessing, and managing their cyber risks.
  • Ensure consistent and continual alignment to the business and GCS strategy through oversight of a Cyber Risk Management framework, activities and processes including all aspects of the metrics/reporting.
  • Monitor and drive rollout of the cyber governance, risk, and compliance programme for information security.
  • Support the collation of cyber risks for reporting to the board.
  • Support maintaining the information security policy set for the group. Working closely with the Head of GRC and GRC Manager to continuously improve Group IS policies and guidelines to ensure policies remain current and appropriate.
  • Support the adoption and maintenance of a GRC platform
  • Advise on exceptions to ABF information security policies. Track/approve exceptions which impact multiple BUs or present a risk to the group.  
  • Provide support, advice and guidance to ABF businesses to help them maintain robust IS controls to protect restricted and confidential data.
  • Support the businesses in performing post incident reviews for impactful incidents across the group, ensuring that a detailed analysis of root cause, detection, response, and recovery activities is performed appropriately. Help facilitate workshops with the incident response teams to identify areas for improvement, applying lessons learned across the group.
  • Support the facilitation of crisis simulations and help the businesses prepare for a major incident.
  • Monitor global information security trends, technologies, and regulations to ensure these are considered in Group initiatives and business unit programmes to protect data. Working with Group Legal to understand the IS implications of new legislation and supporting businesses to ensure appropriate programmes of work are in place to respond.
  • Lead or support ABF group initiatives to help businesses address common areas of risk and avoid a duplication of effort.

Skills, Knowledge and Expertise

  • Experience in performing security assessments against frameworks such as ISO 27001, NIST CSF, CIS, GDPR etc.
  • Experience of risk management principles, implementing risk frameworks and executing security risk assessments based on security best practices (e.g., ISO 27005, ISO 31000, etc.) across large, global businesses.
  • Good understanding of IS risks, issues and controls associated with IT systems, networks and applications that are commonly encountered within a large global organisation.
  • Experience in performing audits over IS processes and controls.
  • Ability to develop and coordinate programmes of work across multiple divisions, functions, and business units.
  • Proven track record in data security and governance.
  • Excellent verbal and written skills, including the ability to draft concise, well-written and accurate reports.
  • Experience of project delivery processes/methodologies and ensuring data security by design. 
  • Strong team building, leadership, motivation and communication skills to work as an effective member of the GRC team.
  • Previous experience of working with legal, audit and compliance teams.
  • Security expert with or working towards industry qualifications (CISSP, CISM, CRISC) or equivalent experience.

Benefits

  • Monthly phone bill maximum reimbursement limit is Rs.3000.
  • Annual check-up for employee and spouse including Doctor consultation - reimbursement up to INR 15,000.
  • Medical Insurance 5 lakhs Flat Coverage.
  • Monthly Broadband Bill Reimbursement - Rs.2000 or on actual whichever is lower.
  • Life Term Policy.
