Governance, Risk & Compliance (GRC) Third Party Analyst – 12 months - £600 per day II35
Our client, an enterprise corporation that partners with a number of media, telecommunication and entergy companines worldwide is hiring a GRC Third Party & Risk Analyst on a contract basis paying £600 per day Inside IR 35 on 12 month contract basis with hybrid working in Winchester 2/3 days we week.
This role focuses on running due diligence against new suppliers and assessing their level of risk to the business, reviewing supplier contractual obligations to ensure compliance, analysing supplier contracts to ensure the relevant security controls are established, dealing with third party access requests, and ensuring relevant controls and documentation is in place to allow access. This role also occasionally requires working alongside Threat & Response to deal with potential supplier breaches which may arise
Core responsibilites:
Assess new suppliers’ security controls in line with the risk they present to business and categorise into relevant tier
Support scheduled supplier security audit programme to assess the effectiveness of the organisation's security controls, identifying risks and ensuring they are completed on time, and to a high standard ISO27001:2022
Support in implementing of our clents ongoing supplier security compliance regime, working with InfoSec colleagues and technical stakeholders to continuously assess, quantify and report on the successful and effective supplier compliance across the business with relevant standards, policies, and security frameworks
Undertake regular assessment of supplier contractual security obligations and highlight any non-compliance
Coordinate with third party suppliers and the Information Security Compliance Analyst to ensure supplier audits are undertaken
Provide support to the GRC Supply Chain Assurance Lead on projects and bids from a security compliance and assurance perspective Core technical requirements:
Industry experiece within Telecommunications, Media or Smart Metering would be highly advatageous.
Experience in information security supply chain management
Experience/Knowledge of the Telecoms Security Act (2022) and subsequent secondary legislation, The Electronic Communications (security measures) Regulations 2022 and Telecommunications Security Code of Practice
Good understanding of Risk Management and Access Management
Good knowledge of relevant regulations and standards (e.g., ISO 27001, GDPR (General Data Protection Regulation), NIST (National Institute of Standards and Technology) (National Institute of Standards and Technology)
Experience in undertaking audits
Excellent communication and stakeholder management skills
Strong analytical and problem-solving skills
Professional certifications (e.g., CISA, CISSP, CISM, CISMP, ISO27001 Lead Auditor/Implementor) an advantage
The ability to demonstrate a proactive and continual compliance approachGovernance, Risk & Compliance (GRC) Third Party Analyst – 12 months - £600 per day II35