Our client, a leading end user organisation, is looking for a Data Governance & Security Analyst to support their businesses to implement and maintain IS controls to protect restricted and confidential data.
Support our clients businesses and group Legal to compile reports to support any regulatory disclosures that may be required following information security incidents. Leading group initiatives to support our clients businesses address common data governance and security challenges. This role will require 3 days in the office and 2 days home working.
Key Skills & Experience
- Providing support, advice and guidance to our clients businesses to help them maintain robust IS controls to protect restricted and confidential data.
- Supporting our clients businesses and Group Legal to compile any regulatory disclosures required following cyber security incidents. Working with Group Cyber Security Technical Consultant, the Data Governance and Security Analyst will coordinate inputs from Incident Response Teams to draft clear, concise and accurate incident reports.
- Perform post incident reviews for impactful incidents across the group, including a detailed analysis of root cause, detection, response and recovery activities. Facilitate workshops with the incident response teams to identify areas for improvement, applying lessons learned across the group.
- Providing assurance over the maturity of business unit information security programmes. Preparing and presenting status updates at quarterly Data Protection Steering Committees.
- Monitoring global privacy trends, technologies and regulations to ensure these are considered in Group initiatives and business unit programmes to protect data. Working with Group Legal to understand the IS implications of new legislation and supporting businesses
- Good understanding of the privacy risks, issues and controls associated with IT systems, networks and applications that are commonly encountered within a large global organisation.
- Excellent verbal and written skills, including the ability to draft concise, well written and accurate incident reports to support any regulatory disclosures.
- Ability to develop and coordinate programmes of work across multiple divisions, functions and business units.
- Experience implementing programmes to identify and address unstructured data
- Extensive experience of IT risk management principles as they relate to data protection, applied within a large global organisation.
- Experience of project delivery processes/methodologies and ensuring data security by design.
- Ability to establish effective working relationships across the local and wider IT/Business community with demonstrable examples of driving privacy initiatives.
- Previous experience of working with legal, audit and compliance teams.
- Strong team building, leadership, motivation and communication skills to work as an effective member of the GRC team
- Security expert with or working towards industry qualifications (CISSP, CISM, CISA) or equivalent experience.
- Degree level education, ideally in an IT, Science or Business-related subject
- ITIL Awareness / Foundation level
Candidates must be eligible to work in this country.