Governance Risk and Compliance Consultant
We are currently looking for a motivated and go getter individual to join the Gemserv’s Governance Risk and Compliance Team on a Fixed Term Contract for twelve (12) months with the potential to make it a permanent role. Gemserv works at the heart of multiple industry sectors, and currently we are looking for an individual with practical implementation, effective management and experience under the ISO27001 and 27005 frameworks. Our organisation is experiencing a significant period of growth and successful individual will be expected to support the organisation and its long-term strategy by developing and implementing an effective and successful security governance framework. We are looking for a passionate individual, who is a go getter and loves to take responsibilities to improve the process and effectiveness of business systems.
GRC Team principally involves proactive internal engagement across the business and with external service providers / Accreditation bodies in support of our recognised and Integrated standards (ISO / Cyber Essentials). The Governance Risk and Compliance Consultant reports to and works closely with the Governance Risk and Compliance Manager. This role requires liaison with the business, it’s managers and teams, co-ordinating, arranging and conducting operational security review and internal audits and the attendance / presentation to external auditors, providing the required evidence that demonstrates our adherence to and compliance to our accredited ISO 27001 and 9001 standards. This significantly includes our compliance to UK Data Protection Act 2018 & Risk Management Framework which includes our preparedness for Business Continuity in the event of an information security or personal data related incident.
The role requires the control-based assessment of all assets and activities carried out within the organisation and update of policy and process and strict management of access rights control towards our IT and Business systems and tools. The role requires companywide engagement to ensure good governance and controls around policies designed to improve quality, business efficiency and/or profitability.
The position holder will have the relevant knowledge of ISO standards, business impact analysis, and risk management. The role requires a good level of personal interface and relationship building with all the teams / team managers across the business to ensure the delivery of good customer outcomes that will positively contribute to the delivery of the Company’s long-term strategic targets.
- Working with the GRC Manager to develop and implement a “Security First” culture in the organisation;
- Practical experience of undertaking Information Security Management System (ISMS) compliance projects in accordance with ISO27001 and ISO27005 framework;
- Identifying risks to business information and systems and undertaking Business Impact Analysis and advising teams on remediation actions;
- Support the Governance Risk and Compliance manager with operational security assessments and identify improvements;
- Ensure active engagement with all teams and departments within the business and spend time with them understanding their day to day process for risk identification and process improvement;
- Regular review of Business Continuity Plan across the business to ensure it is always relevant and fit for purpose;
- Liaising with all delivery teams on regular basis to ensure the data processing activities are always relevant and help identify wherever there is a risk to personal data;
- Should work collaboratively with business leads if an incident has been identified and take it to a logical end through containment, recovery and lessons learnt;
- Ensure the Supplier Security Management Process within Gemserv is well managed and up to date which enables just in time review for Supplier Information Security Evaluation when needed;
- Provide continuous support to the business in raising awareness on information security and data protection through regular communication, team meetings, staff meetings and online trainings;
- Conduct regular companywide workshops and training sessions on security, data protection and customer centricity.
- Maintain and review the effective physical security controls for the office by regular review of physical access rights and supporting new staff with appropriate access cards;
- Conduct regular internal audits based on the requirements of ISO27001, ISO9001 and ISO14001.
To be successful in the role the post holder should be able to demonstrate experience in the following areas:
- Technical knowledge of information security compliance (ISO27001, ISO27005), information management and IT security arrangements;
- Good understanding of ISO22301 Framework and preferably interest in Data Protection/GDPR;
- Have practical experience in undertaking ISO 27001 control-based assessment;
- Knowledge or experience of undertaking privacy impact assessment;
- Good knowledge of ISO9001 and ISO14001;
- Confidence in communicating with stakeholders at all levels;
- Ability to provide support in data protection impact assessment, data leakage and privacy;
- Ability to explain complex ideas in a concise manner;
- Ability to work independently with little to no supervision;
- Have in-depth understanding of Information security risk assessment and treatment requirements; and
- Knowledge of Quality and Environmental Management System.
- Excellent communication and inter personal skills and ability to engage with stakeholders at all levels;
- Passion to develop own skills and knowledge in information security and data protection compliance;
- Proactive, ‘hands on’ starter finisher, high achiever, and result driven individual;
- Highly organised and able to manage and prioritise workload;
- Practical auditing experience.
- CompTIA, Security+, ISO27001 Implementer, ISO 27001 Auditor (desirable)
Upon employment, employee should also have a sound awareness of the Company's Information, Quality, Environmental and Management Systems along with understanding of Gemserv compliance with GDPR and UK Data Protection Act 2018.
We are passionate about helping drive the energy market transformation and data revolution. We work right across our sectors, from government bodies to global blue-chip organisations and small independent companies.
The nature of what we do means we are very much a people business. The contribution every member of the team makes to our diverse range of experience, skills and personalities is valued.
We invest heavily in learning and development to enable our people to develop skills and gain experience which will enhance career prospects for life. Many who started their careers with us have rapidly progressed to more senior positions.
At Gemserv no two days are the same, but we believe in a flexible approach to working which we know our employees value. That focus on encouraging a positive work/life balance extends to the many regular social events where employees get the opportunity to meet people from across the business and the wider industry in a more informal environment. We also offer an attractive package of benefits in addition to highly competitive salaries including bonus scheme, pension and healthcare, season ticket loans, discounted gym membership, Cycle to Work scheme and more.
If you can see yourself working at Gemserv, then we would love to hear from you. Please submit your CV and application to us by clicking ‘Apply now’