Eastwood Libis, QC, PH

Security Analyst Governance Risk Compliance

Position Summary:

The Cyber & Information Security Analyst Governance Risk Compliance (GRC) is responsible for delivering the client’s Cyber & Information Security Governance Risk and Compliance capability, supporting their line manager in setting the vision, roadmap, and standards in line with the Company’s policies and frameworks and delivering effective GRC activities in support of the company’s business strategy.

The Cyber & Information Security Analyst RC serves as a key member of the CISO and wider Digital & IT community, with delegated responsibilities associated with the design and delivery of capabilities that continually improve the provision of Governance Risk and Compliance services to the client’s Businesses and Professional Services. This requires:

• Keeping up-to-date with security and Digital IT threats and associated risks that have the potential to adversely affect the client’s Manufacturing & Industrial businesses, ensuring adopted cyber security frameworks are fit for purpose and evolve to counter such threats.
• Ensuring appropriate Information, IT, and Industrial capabilities and controls are incorporated into the GRC framework to protect the client’s Manufacturing & Industrial businesses from internal and external cyber threats.
• Taking responsibility and ensuring local programmes and projects adhere to Local and Group cyber and information security requirements, mitigating existing and emerging security risks.

Job Details:

• Work from Home
• Monday to Friday | 8 AM to 5 PM UK Time
• *Following UK Holidays

Responsibilities:

• Contribute to defining and delivering a Cyber & Information Security Strategy that supports Business and Digital Transformation plans. In addition, support the effective delivery of the client’ led Cyber & Information Security initiatives.
• Be a trusted member of the team, ensuring the company is not only compliant with Group Policy, Standards, and Minimum Security Rules, but also regulations.
• Maintain a regular cadence for undertaking cyber security risk analysis of the client’s businesses aligned to the client’s Group Risk Management methodology and procedures.
• Understand the firm’s risk appetite and help design and implement local processes and procedures that enable the client’s businesses to move to and operate within risk appetite, whilst enabling growth and innovation.
• Support the function and help improve capabilities to manage cyber risk related to third-party suppliers and partners. Ensure that contracts and service agreements with third-party suppliers and partners meet cyber & information security requirements.
• Support their Manager and CISO in developing a competent CISO function that provides quality service, guidance, and assurance on all cyber & information security matters including risk & compliance, information protection, and business continuity & disaster recovery across the Digital IT and OT environments.
• Establish strong relationships with internal clients including Digital IT, Legal, Procurement, People Management, Finance, Marketing, Group, Internal Audit, External Audit, Businesses (Interior Solutions, Manufacturing, Glass for Buildings, Off Site Solutions (OSS), Constructions Specialities and High-Performance Solutions (HPS)), demonstrating a thorough understanding of their business, their challenges and the value cyber security can add.
• Support Development and Support teams by providing active guidance, instruction, and assurance that new products meet or exceed Group and the client’s Security Requirements as well as those of our regulators.
• Proactively highlight and escalate changes to regulations affecting the client’s businesses. Where necessary, establish and sponsor projects to deliver such changes, providing stakeholders with regular progress updates as necessary.
• Maintain up-to-date registrations and declarations with various regulatory entities within the company’s jurisdictions, and support regulatory requirements of non-UK&I regulatory entities for applications and systems that are hosted in the UK but are managed by Security functions that sit outside the UK&I.
• Contribute to local Cyber Security Forums, and actively participate in Group led, Internal as well as external forums to proactively share knowledge, keep stakeholders informed on SG UK’s cyber resilience initiatives, and maintain oversight of the horizon and industry trends.
• Assist their Manager in the development of all security-related plans pertaining to Digital IT and OT throughout the client’s network, act as a champion on the secure implementation of operational controls, providing advice and support on security technologies and related regulatory issues.
• Ensure that all Acquisitions and Divestments are completed in line with Group directives, whilst minimizing the introduction of any new security risks to the company.
• Ensure that you fully comply with the company’s Data Governance Policies as they relate to your area of responsibility and demonstrate in your day-to-day work that you treat data as an important corporate asset that must be protected and managed.
• Maintain the company’s compliance standards and in collaboration with line Management and CISO department, ensure timely completion and submission of all local and group-driven reporting requirements.
• In collaboration with the Group, ensure that appropriate and effective GRC measures are established to ensure Acquisitions and Divestments are completed in line with Group directives, whilst minimizing the introduction of any new security risks to the company.

Qualifications:

• Degree in business administration or a technology-related field.
• Industry-recognized security certifications, such as CISA/CRISC or equivalent experience are desirable but not essential, though attainment will form part of personal development objectives.
• Experience in a combination of risk management, information security, and Digital IT jobs.
• Knowledge of information security management frameworks, such as ISO/IEC 27001, and NIST are beneficial but not essential.
• An understanding of the evolving threat landscape and the ability to translate an emerging threat’s likelihood of exploiting inherent weaknesses, and business impact and therefore articulating calculating overall risk and developing risk mitigations - is beneficial.
• Methodical approach to threat assessment and treatment.
• Ability to work under pressure and manage multiple priorities simultaneously
• Excellent written and verbal communication skills and a high level of personal integrity.
• Self-motivated and ability to work on my own initiative toward business improvement.
• Analytical skills and ability to assimilate information.
• Relationship builder and good networking skills.
• General understanding of Risk Management and Risk-based decision-making.
• Experience with third-party assurance and contract negotiations.
• Experience with Project Management and Development methodologies, such as Agile.
• Broad technical Digital IT and Industrial experience including Cloud computing, websites, ERP, big data, ICS, and SCADA systems.
• Good standards in quality and integrity towards the delivery of information.

by Garegin Hakobyan