Global IT GRC Analyst with remote options

Sofia, Sofia
Job Profile Summary Description

The IT Governance, Risk, and Compliance (IT GRC) Analyst (GRCA) engages with stakeholders to identify key controls around the compliance and risk posture of Imperial Brands’ information assets. The GRCA also provides stakeholders with advice on addressing compliance gaps and risks that have been identified.

The GRCA provides technology risk and information security expertise to the Global IT function and coordinates the implementation of IT risk management processes within Global IT.
The GRCA will support, monitor and validate effective risk analysis, compliance with Global IT standards, awareness and education, and coordinate the development of policies, standards and guidelines.

This role will work closely with Cybersecurity, Application Operations, Solution Delivery and other teams within Global IT as well as the Information Security, Procurement, Privacy and Legal functions to build a better understanding and acceptance of IT GRC practices. 
Additional Information


Principal Accountabilities

Technology Risk Mgmt.:
•    Assess risks in technology implementations and guide development and operations teams with risk mitigation advice to ensure a good IT Control environment is implemented.
•    Support the Head of IT GRC and other team members in assessing IT controls compliance across the Imperial Brands IT estate
•    Manage the monthly tracking and reporting of compliance actions. Automate the tracking and reporting process and focus on delivering value-add insight to stakeholders.
•    Prepare IT risk metrics and work with the Head of IT to present these to senior stakeholders to drive meaningful action.
•    Manage the IT Policy annual review process, ensuring that the policy is reviewed and updated to meet compliance requirements and changes in the IT landscape.
Third Party Risk Mgmt.:
•    On being notified by IT Vendor Management, Global Procurement or Legal, review relevant third-party IT security controls based on evidence provided by third parties. Drive improvement in the third-party security review process.
•    Support IT & Business stakeholders in making informed decisions on addressing gaps in supplier security controls. In partnership with Information and Cyber security, ensure that decisions to accept risks have appropriate sign off.
•    Track gaps in supplier security controls to closure. Provide metrics and risk mitigation advice to procurement and IT Vendor mgmt. teams as they work with suppliers to close control gaps.
Other ad-hoc:
•    Liaise with Internal and External audit teams as required and ensure that audit findings are balanced and have appropriate actions/timelines.
•    Deliver policy and standards training to Global IT staff, as requested.
•    Represent Global IT GRC on IT project steering teams and provide risk/compliance input.

 
