GRC Consultant - (Governance Risk and Compliance) - Security

  • Salary: 400 - 550
  • Location: London, England, United Kingdom
  • Job Type: Permanent, Full time
  • Company: Alexander Ash Consulting
  • Updated on: 20 Jul 19

My client, a leading consultancy with a strong background in financial services, is currently recruiting for a GRC consultant to join them on a contract basis in London. You'll be joining a large-scale security transformation programme with a well-known financial services client. The ideal candidate will have a Big 4 background and strong knowledge of the financial services industry.

Role Responsibilities:

  • Develop and manage a security governance function, including facilitating and participating in various Information Security Committees.
  • Develop and manage Information Security Compliance functions interfacing with 2nd and 3rd line (internal and external) Audit, Operational Risk and Compliance teams.
  • Maintain Information Security policies and controls, based on industry standards and best practices, which incorporate all applicable international legislative and regulatory requirements.
  • Develop and maintain an Info Sec dashboard and metrics that provide an accurate representation of the Information Security risk profile and relevant cyber threats.
  • Manage and complete external and internal critical supplier risk assessments, as well as assurance reviews of in-flight projects.
  • Deliver security projects and improvement, awareness and training programmes, including anti-phishing campaigns.
  • Build a security culture within the company by providing guidance, awareness and advocacy of Information Security.
  • Experienced Information Security professional with excellent communication, relationship building and relationship management skills.
  • Must have relevant experience with industry best-practice approaches to the governance, operation and management of IT systems (e.g. NIST, ISO 27000, SANS Critical Controls, ITIL, COBIT, ISO 31000, etc.).