GRC Cyber Analyst

at  Arup

A career at Arup offers you the chance to make a positive difference in the world. Independently owned and independently minded, we attract a diverse mix of people to work on ground-breaking global projects. We have an ambitious commitment to be the digital leader in the built environment and have digital teams and experts all over the world, who collaborate on world-leading software, data and technology projects and products. Being a global team means we value people with diverse experiences, backgrounds, specialisms and skills.

ABOUT ARUP

The people at Arup are driven to find a better way and to deliver better solutions for our clients.
We welcome applications from a diverse group of people, including those who are seeking flexible working, have accessibility needs, want to bring their whole selves to work, and can enrich our workforce with cultural diversity.
We offer a competitive remuneration package commensurate with qualifications and experience to the right candidate including a global profit share scheme, excellent staff benefits and long-term career development opportunities.
We’ve always been a purpose-led organisation. we are here to support each other, to do our best work possible and make our own special contribution. We’re here to shape a better world, and for us ‘better’ is all about creating a more sustainable future for the world.

ESSENTIAL SKILLS AND KNOWLEDGE:

• Analytical and problem-solving skills to identify and assess risks and threats
• Some industry GRC or information risk management experience desirable
• Ability to understand the business context and technology landscape, and apply appropriate security solutions in response to differential risks and needs
• Understanding of data loss prevention techniques
• Excellent emotional intelligence to foster openness and transparency within the team
• Experience in information risk management

DESIRABLE SKILLS AND KNOWLEDGE:

• Knowledge of compliance and audit
• Experience on industry standards NIST, CIS and ISO22301

QUALIFICATIONS

• University degree level qualification or equivalent industry experience

THE ROLE

We are looking for a governance, risk and compliance (GRC) cyber analyst for our growing global cyber security team. You will help protect Arup’s digital infrastructure and data from cyber-attack. You will help to assess Arup’s information and cyber risks, define Arup’s security policies, standards and guidelines, run a cyber education and awareness programme, manage supply chain cyber risk, manage data loss prevention and ensure that Arup is compliant with relevant cyber legislation and standards.
The GRC team is distributed globally. The cyber security analyst role reports to the GRC service leader based in UK.
“Being a graduate and starting in a new team can be intimidating, but from my very first day with the Cyber Security team I felt welcome. Across varying skill levels, ranging from juniors to top industry professionals, the team goes above and beyond to support each other, find solutions, and build companywide awareness of the importance of cyber security. Your perspective is always considered and appreciated, which really makes you feel like you’re making a difference to Arup and to our people’s security. This has been a motivating and empowering experience for me throughout these uncertain times.” - Yana, UK

RESPONSIBILITIES OF THE ROLE INCLUDE:

• Representing cyber in Australasia region for any cyber related requests and issues
• Ensure compliance with Arup’s information security control framework
• Coordinating cyber security awareness campaigns in Australasia region
• Liaising with stakeholders in the Australasia region for new developments in Digital and drive security by design
• Conducting threat and risk assessments and drive risk closure
• Keeping Arup’s cloud and other information environments secure and compliant
• Conducting supply chain cyber due diligence
• Working with the software development community to ensure digital products and services are secure by design
• Helping to deliver Arup’s data loss prevention program
• Auditing internal infrastructure and applications against defined security framework
• Driving IT disaster compliance activities
• Driving security control assessments and thriving for raising the compliance level in Australasia region
• Measuring cyber processes, controls and reporting on the effectiveness of the cyber management plan