My client is looking for a GRC Analyst with a focus on IT & Risk. A minimum of 3 years' experience is required to join their organisation, based in Cork. This is a permanent role.
Key Responsibilities
GRC Transformation & Governance
- Develop, implement, and maintain the organisation's Governance, Risk & Compliance (GRC) framework.
- Create and update supporting policies, standards, procedures, and technologies.
- Define security requirements for RFPs and act as a security consultant across business and IT projects.
- Support internal and external audits, ensuring evidence is collected and remediation is tracked.
- Execute scheduled governance reviews, controls assessments, and compliance checks.
Third Party & Supplier Risk
- Maintain and mature the third-party risk governance framework.
- Conduct and coordinate onsite audits with business owners and suppliers.
- Assess vendor security and IT risks, reviewing third-party security questionnaires, DPIAs, and compliance documents.
- Manage day-to-day supplier risk activities and support ongoing monitoring efforts.
Cyber & IT Risk Management
- Conduct technical and procedural assessments of systems and business processes, with full reporting and remediation tracking.
- Define IT and Cyber Security controls for new transformation initiatives.
- Support the management of the IT risk register, including exposure analysis and risk mitigation activities.
- Oversee incident reporting for IT risk and GDPR-related notifications.
- Promote strong security awareness and risk culture across the organisation.
Security Awareness & Operational Support
- Manage phishing awareness campaigns, employee training, and corrective actions.
- Support internal communications, security announcements, and awareness initiatives.
- Contribute to security incident support activities with the Information Security team.
- Provide GRC advice to business units, including support for data protection and compliance projects.
- Produce regular reporting, dashboards, and management information.
- Maintain Security & Privacy policies and procedures.
Essential Qualifications
- Security/privacy certification such as IAPP, CDPP, CIPP, CISSP, or a relevant third-level qualification or equivalent industry experience.
Essential Skills & Experience
- Strong understanding of security and data protection regulations, directives, and standards.
- Experience with IT controls, risk assessments, and data protection obligations.
- Exposure to frameworks such as NIS, AI governance, GDPR, ISO 27001, PCI DSS, NIST, or similar.
- Ability to manage internal stakeholder relationships and engage with regulatory bodies.
- High ethical standards with the ability to remain impartial and handle sensitive information.
- Strong analytical, diagnostic, and problem-solving skills.
- Proven ability to work collaboratively within a team environment.
- Organised, resilient, and capable of managing workloads effectively.
- Strong communication skills, including written and verbal presentations and training delivery.
Desirable Skills
- 4+ years of relevant experience in GRC, information security, cyber risk, or regulatory compliance.
- Experience in retail, FMCG, grocery, financial, or regulated industries.
- Background in legal, insurance, or regulatory advisory work.
