AddressThe role will involve Digital Security and Information & Technology (I&T) Governance, Risk and Compliance (GRC) awareness, culture, simulations, supplier security assurance, policies, standards, and risk management.
Reporting to the I&T Governance and Risk Lead, the GRC specialist will support:
Digital security awareness and culture activities including driving ethical phishing and e-learning campaigns.
Specification and facilitation of cyber scenario simulations.
Supplier security assurance activities.
Provision of digital security and technology risk advice and guidance.
Facilitate and support IT risk management processes and continuous improvement.
The GRC Specialist will address tasks as assigned by the GRC team and take ownership of aspects of the risk process, supplier review and awareness campaigns, including monitoring and insights driven by analysis of related data and MI. You will have experience of delivering and working within digital security control frameworks such as ISO27001, NIST CSF and CIS.
As the successful candidate, you will demonstrate strong analytical and problem-solving skills, and the ability to communicate and present information in multiple ways, e.g., written, verbal, preparation of presentations, a career goal in the field of digital security and technology risk management. You will develop, roll-out and manage digital security awareness campaigns across the not just the DS Smith Digital Security team but also the wider business, which includes ethical phishing support and administration.
The GRC Specialist will build effective working relationships across I&T, business stakeholders and external stakeholders as the SME and specialist within GRC. This role may include periodic planned travel, ‘on-site’ visits in support of the business engagement outlined.
About you
Knowledge and experience working with information security standards and frameworks such as ISO, NIST, ISF SOGP, Cyber Essentials, etc.
Ability to communicate clearly and effectively across all management levels of the company, particularly when articulating complex IT concepts to non-IT stakeholders.
Knowledge and experience managing and executing risk and control processes in line with industry good practice.
Experience tracking internal and external audit actions, and support stakeholder liaison to drive actions to closure.
Effective time management skills and ability to juggle several tasks and conflicting priorities
Tertiary academic or vocational qualification in a relevant field, or equivalent work experience/professional accreditations
Professional certifications such as CISSP, CISA, CRISC would be advantageous
Benefits
Competitive salary
Company bonus
Pension scheme
Life assurance
Income protection
25 days holiday plus bank holidays
Electric Car/Bike Scheme
