Job description
9.6.23 IT
Information Security Governance, Risk & Compliance Analyst (GRC)
Just Group
Fulltime (35 hours per week)
Hybrid, 2 days in the office (Reigate)
Who are Just?
We’re a FTSE 250 Financial Services company that specializes in retirement solutions and right now, our world is moving pretty quickly. With the defined benefit buy-in/buy-out space growing each year, Just continues to annually grow its business by over £2bn of assets.
We are a purpose-driven company with compelling and credible goals. Quite simply, we help people achieve a better later life. We achieve this by providing competitive and innovative products, services, financial advice, and guidance to help our customers achieve security and certainty, and to provide them with peace of mind in retirement.
That’s who we are. We’re a company on a mission: to become a beacon for the entire retirement industry. Because we believe everyone deserves a fair, secure, and fulfilling retirement.
About the role
The Information Security team is growing and looking for a self-starting person with excellent problem-solving skills to join our experienced team.
Reporting to the CISO, the Information Security Governance, Risk & Compliance Analyst will be responsible for ensuring that the organization’s information security programme is aligned with industry best practices, legal and regulatory requirements, company policies, and the organization’s overall risk management strategy.
You will work closely with stakeholders across the organization to assess, mitigate and manage information security risks and to ensure compliance with applicable regulations and standards.
Key Accountabilities
- Develop and maintain the organization’s information security governance, risk management, and compliance programme, in alignment with industry best practices, regulations, and internal policies.
- Perform risk assessments and gap analyses to identify vulnerabilities and areas of weakness within the organization’s information security programme.
- Develop and implement policies and procedures that align with regulatory requirements and industry best practices to ensure the confidentiality, integrity, and availability of the organization’s information assets.
- Provide guidance and support to other departments in the organization on matters related to information security governance, risk management, and compliance.
- Work with internal and external auditors to prepare for and respond to information security audits and assessments.
- Ensure that the organization maintains compliance with applicable regulations and standards, such as GDPR, HIPAA, ISO 27001, and PCI-DSS.
- Conduct periodic security awareness training for employees to promote a security-conscious culture.
About You
You will have a significant interest in information security and IT, excellent attention to detail, and the ability to analyse situations and take the appropriate actions guided by a defined framework.
As you will be dealing with security issues and potentially sensitive data, you’ll need the ability to handle situations sensitively, always maintaining a professional approach. You’ll have good interpersonal skills, be able to communicate with key stakeholders across the organization at a variety of levels, and work as part of a team.
The experience, skills, and knowledge we are looking for:
- Familiarity with information security frameworks such as ISO 27001, CIS, and NIST.
- Experience within cyber security governance, risk, and compliance, and with Microsoft security technologies (e.g., Defender and Sentinel) in a cloud environment.
- Certifications such as CISSP, CISM, CISA or CRISC are a plus.
- Motivated to learn new technologies.
- Excellent written and oral communication skills, with the ability to deliver clearly to a variety of audiences.
Company Benefits
- A competitive salary, pension scheme and life assurance
- 25 days’ annual leave, plus an additional day on us for your birthday
- Private medical cover and income protection, just in case
- A generous and highly achievable bonus scheme – paid annually based on individual and company performance against targets.
- Opportunity to progress within your career both in-role and within the company.
- Free access to the Headspace app, a 24/7 Employee Assistance Helpline, and trained physical and mental health first aiders (on-site)
- A variety of employee-funded benefits available to you via our online benefits portal
- Plus, several additional purchase options available for you and your loved ones
Why Just?
We are committed to building a more sustainable business and have publicly committed to reducing our scope 3 emissions to net zero by 2050 and our scope 1 and 2 emissions to net zero by 2025. We’ve made good progress so far and encourage our people to make small and meaningful changes in their everyday lives, so that we can protect our planet for future generations.
Diversity, Equity and Inclusion (DE&I) is a key priority for Just as part of our overall strategy, and in ensuring all of our people feel proud to work at Just. We have joined a number of initiatives, including the Race at Work Charter, designed to improve outcomes for employees from underrepresented backgrounds. We also run a Reciprocal Mentoring scheme for employees from a BAME background, those with a disability, and those who identify as LGBTQ+. There are multiple employee network groups, which champion issues including race, gender, social mobility and neurodiversity.
What’s clear about working at Just is that we care. We care about our customers, our purpose, our environment, inclusivity, wellbeing and, most importantly, each other.