GRC specialist (Governance, Risk Compliance)

I am working with a professional services client based in Central London who is looking for a GRC specialist to join their global team with the governance, risk and compliance team. This is a fast paced environment where you will be exposure to different environments and gain further experience within this field.

Experience

1. Vendor Security Assessments. Solid hands-on experience doing end-to-end vendor security risk assessments/reviews (full life cycle) - at least 2 years of experience needed
2. Client/Customer Security Questionnaires. Experience responding to Client/Customer Security Questionnaires regarding security posture of company.
3. Security Risk. Experience with security risk management, inherent risk, residual risk, risk Matrix, risk statements, risk register.
4. Technical Understanding of Security Controls. Very good technical understanding of security controls - especially in relation to ISO 27001 - including but not limited to web application penetration testing, web application Firewall, SOC 2 Type II, security certifications. The ability to speak clearly about security controls to the business in simple terms.
5. Communication. Excellent oral and written skills to internal staff of all levels, senior stakeholders.
6. Respond to client security questionnaires, RFP/RFI's, and audit requests.
7. Perform third-party security vendor diligence, liaise with business stakeholders to perform assessments and identify risk and monitor activities of existing vendors.
8. Respond to and maintain the GRC service queue (ServiceNow) for tickets escalated to the team.
9. Any experience with OneTrust tool or similar would be useful

Education

• Bachelor's degree - whether in Information Security, Computer Science or related areas.
• Industry recognized certification in security such as, for eg, CISSP, CISA, CISM, CRISC, ISO27001).

This is a permanent role based in Central London, the role does offer hybrid working which includes attending the office on a weekly basis as well as some remote working. The salary on offer is £70,000 - £85,000 dependent on experience. The client will only consider those who have the right to work in the UK and will not provide any sponsorship.

Please note you will receive an automated response advising you that we have received your CV.

Morgan Philips Group is a global talent solutions business that disrupts conventional thinking in executive search, recruitment and talent consulting. We operate in over 18 markets in Europe, North & South America, Asia, and the Middle East & Africa. We understand that the future is digital and social, so we embrace the latest technology, including video ads and CVs, as well as social recruiting. Our innovative services are tailored to the new world of work yet we do not lose sight of the fact that employees be they existing and potential are ultimately human beings.

We are committed to ensuring that all job applicants are treated equally, without discrimination because of gender, sexual orientation, marital or civil partner status, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.