Cyber GRC Engineer - Flutter Group, Hybrid & Remote
Cyber Security Engineer Mid 1
As a Cyber GRC Engineer, you will be responsible for supporting the design, implementation, and ongoing management of our GRC platform and our automated assurance framework. You will work closely with internal teams to ensure that the company adheres to industry standards, regulatory requirements and best practices related to cyber risk management and compliance. Your expertise will be key in integrating and maintaining cutting-edge tools that ensure our controls are automatically and continuously monitored. This role offers a unique opportunity to work closely with diverse teams, continuously optimising our systems to support our Governance, Risk, and Compliance (GRC) objectives.

Accountabilities & Responsibilities:

• Develop and integrate advancing tooling and technologies to ensure that security controls are effectively automated and continuously monitored.
• Ensure seamless implementation and configuration of toolsets with relevant internal systems and applications.
• Integrate automated assurance platform with relevant workflow tools such as Jira and Slack.
• Maintain and optimize the automated assurance toolset to ensure it operates efficiently and effectively.
• Manage regular updates and integrate new features as they become available.
• Implement automated solutions to mitigate potential threats and vulnerabilities.
• Continuously strive to identify opportunities for controls uplift and automation across both Cyber and the wider Technology infrastructure.
• Maintain high standards of security and risk management in line with relevant standards (NIST CSF, ISO 27001) by leveraging automation.
• Work with IT, security, risk and compliance, internal controls and audit teams to ensure the platform meets their needs.
• Train relevant staff on the use and benefits of the automated assurance tool.
• Monitor the effectiveness of automated controls, driving continuous improvements to maintain robust security and compliance.
• Create and maintain comprehensive documentation for the tool’s configuration, usage, and maintenance.
• Generate regular reports on the tool’s effectiveness and the organization’s compliance status.
• Utilise the tool to identify, assess, and mitigate cybersecurity risks.
• Generate automated risk reports and dashboards for management review.

Skills & Capabilities:

• Excellent problem-solving skills and the ability to analyse complex challenges
• Strong interpersonal and relationship-building skills
• Focused on developing knowledge and skills
• Self-motivated with a ‘get-out-there’ attitude focused on continuous improvement
• Strong focus on prioritisation and understanding trade-offs
• Willing to challenge the status quo
• Enjoy and comfortable within both individual and team environments
• Excels in fast-moving and dynamic environments

Qualifications & Experience:

• Experience in integrating security tooling.
• Expertise in implementing automated assurance tools is desirable although not essential
• Knowledge of industry standards such as NIST CSF, ISO27001, or PCI-DSS is highly desirable.
• Proven experience in Cyber controls assurance (e.g. advisory, internal or external audit roles) is desirable although not essential
• Proficiency in scripting languages (e.g., Python, PowerShell) to automate processes and tasks.
• Ability to manage projects, including planning, execution, and monitoring
• Experience in working with technologies such as AWS, ServiceNow, Jira, Okta, Crowdstrike etc. is desirable
• Additional technical knowledge in AWS such as writing Lambda functions, creating AWS SCPs and CloudFormation templates as well as working with services such as Config and SecurityHub would also be advantageous
• Familiarity with GRC tools is an advantage
• Experience in performing proof of value (POV) exercises of Cyber security tooling is an advantage

Measure of Success:

• Automated Assurance Framework Roadmap defined and executed.
• ‘Out of the box’ plugins and bespoke integrations developed across our technology stack
• Clear processes for maintaining performance, monitoring reliability and driving continuous improvements on our GRC platforms

What you can expect:

• 25 days of annual leave;
• Sharesave scheme;
• ”Flexible Benefits” of your choice;
• Private health insurance (includes dental insurance and health assessments);
• Free parking;
• Thousands of courses online through ‘Udemy’

Ways of working:
Flexible working is our way of working! We’re a diverse workforce and therefore a ’one size fits all’ approach isn’t necessarily best. Whatever your personal needs may be, let’s have a chat and see how we can accommodate them;
We thank all applicants for their interest, however only the suitable candidates will be contacted for an interview.
By submitting your application online, you agree that: your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than two years, in order to consider you for prospective role within the company.

• Develop and integrate advancing tooling and technologies to ensure that security controls are effectively automated and continuously monitored.
• Ensure seamless implementation and configuration of toolsets with relevant internal systems and applications.
• Integrate automated assurance platform with relevant workflow tools such as Jira and Slack.
• Maintain and optimize the automated assurance toolset to ensure it operates efficiently and effectively.
• Manage regular updates and integrate new features as they become available.
• Implement automated solutions to mitigate potential threats and vulnerabilities.
• Continuously strive to identify opportunities for controls uplift and automation across both Cyber and the wider Technology infrastructure.
• Maintain high standards of security and risk management in line with relevant standards (NIST CSF, ISO 27001) by leveraging automation.
• Work with IT, security, risk and compliance, internal controls and audit teams to ensure the platform meets their needs.
• Train relevant staff on the use and benefits of the automated assurance tool.
• Monitor the effectiveness of automated controls, driving continuous improvements to maintain robust security and compliance.
• Create and maintain comprehensive documentation for the tool’s configuration, usage, and maintenance.
• Generate regular reports on the tool’s effectiveness and the organization’s compliance status.
• Utilise the tool to identify, assess, and mitigate cybersecurity risks.
• Generate automated risk reports and dashboards for management review