Security Governance, Risk and Compliance (GRC) Analyst

Reporting to the Group IT Security Manager, the Security GRC Analyst is responsible for providing specialist expertise in security governance, risk management and compliance for the company's IT & Services. The Security GRC Analyst will fully participate in all aspects of developing, maintaining and supporting a high-class IT & Infrastructure Service across the Forth Ports Group.

This role will support the delivery and maintenance of IT Business Continuity and Disaster Recovery plans, ensuring that security policies and procedures are effectively implemented and adhered to, and that the organisation remains compliant with relevant regulatory requirements and industry standards.

Key responsibilities:

• Develop and maintain the IT security governance framework to ensure consistent and effective security practices across the organisation.  Be the point of reference for other members of staff on security matters.

• Project manage medium scale projects throughout the complete project implementation cycle to ensure successful implementations in line with the overall IT objectives.

• Support the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, business continuity exercises and making the changes necessary to address deficiencies.

• Prioritise issues based on the impact to the business and not on a first come, first served basis.

• Conduct thorough risk assessments to identify vulnerabilities, evaluate risks and implement appropriate risk mitigation strategies to safeguard systems and data.

• Continuously monitor and assess the organisation's compliance with security policies, procedures and regulatory requirements, and take corrective actions as needed.

• Develop and maintain metrics to measure the effectiveness of security policies and procedures, and report on these metrics to senior management.

• Assist IT Management and business colleagues with the implementation of large-scale projects, ensuring that security governance, risk management and compliance requirements are met and that implementations are completed successfully within set timescales and budget.

• Provide guidance to users in the use of the available IT facilities, to help ensure that maximum benefits are gained from these facilities.

• Develop and implement security governance frameworks and solutions that provide maximum benefit to the business and end-users while adhering to cost constraints.

• Ensure all requests for service are handled in accordance with the IT service level agreement and that they are recorded on the helpdesk system in accordance with defined procedures.

• Take all reasonable steps necessary to maintain the confidentiality, integrity and availability of the company’s data (electronic or otherwise).  This should encompass such areas as backups, passwords, security, etc.

• Liaise with third party suppliers to ensure contractual agreements are delivered.

• Advise IT Management of any risk or potential risk either technical or business related in the use, deployment and design of the company’s IT systems.

• Ensure that all areas of the computer systems are adequately documented and that the documentation is kept up to date in accordance with defined change control procedures.

• Assume responsibility for coordinating security audits, managing incident response planning, and advising on strategic security initiatives to align with business objectives.

What we're looking for:

We are looking for an experienced individual who has Security GRC experience or will consider a recent graduate, who is keen to develop their skills further as Forth Ports will provide a structured learning and education pathway, linked to professional development. This role requires participation in the on-call/out of hours rota, with the capability to provide 24/7 technical support as needed throughout the year and as such, we require flexibility on successful completion of your initial training.

Qualifications and Skills:

• Degree educated in a relevant IT related discipline or certification similar to one of the following:

- Certified Information Systems Security Professional (CISSP)

- Certified Information Security Manager (CISM)

- Certified Information Systems Auditor (CISA)

- Certified in Risk and Information Systems Control (CRISC)

- Certified Information Privacy Professional (CIPP)

- ISO/IEC 27001 Lead Implementer or Auditor

- Excellent verbal and written communication skills.

• Ability to manage projects effectively and provide advice to end users in an accessible way.

• Competent in the use of MS Office suite.

• Hold a valid UK driving licence.

Preferred:

Specialised knowledge in some of the following:-

• Security Governance Frameworks

• Risk Management and Mitigation Strategies

• Regulatory Compliance (e.g., GDPR, NIS2, NIST, ISO27,001)

• IT Security Policies and Procedures

• Security Audits and Assessments

• Incident Response Planning and Execution

• Business Continuity and Disaster Recovery Planning

• Security Best Practices and Trends

• IT Security Compliance Programs Desirable

What Forth Ports can offer you:

At Forth Ports, our people are our priority, and we are committed to creating a flexible, open, and supportive working culture. As part of our team, you will enjoy:

• A competitive salary

• On-call allowance (once passed training)

• Generous annual leave entitlement

• A defined pension scheme and life assurance

• Health promotion events and employee wellbeing initiatives

• Access to our Employee Assistance Programme (EAP) for you and your family

• Cycle to work scheme and on-site free parking

• Attractive Family Friendly Policies

• Employee discount platform offering discounts on UK-wide restaurants, car rentals, and holidays

• GymFlex health club memberships

We value diversity and inclusivity, and we are an equal opportunities employer. We welcome applications from candidates of all backgrounds and will consider all applications for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, or disability status.

How to Apply:

If you are an experienced Security GRC Analyst and looking to continue your career as part of a forward-thinking and supportive team, we would love to hear from you. Please submit your CV and a cover letter when submitting your application via the ‘Apply Now’ link.