Security Governance, Risk and Compliance Analyst
at Forth Ports Group
Tilbury RM18, England, United Kingdom
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 31 Jan, 2025 | GBP 40000 Annual | 01 Nov, 2024 | N/A | Communication Skills, Mitigation, Regulatory Compliance, Disaster Recovery, NIST, Security Audits, IT Security Policies, Certified Information Privacy Professional, Business Continuity | No | No |
Description:
Job Title: Security Governance, Risk and Compliance (GRC) Analyst
Location: Port of Tilbury or Port of Grangemouth
Compensation: £32,000-£40,000 + on-call allowance once fully trained
Forth Ports is one of the UK’s largest and most dynamic port operator groups, playing a key role in connecting the UK with Europe and beyond. As a multimodal ports owner and operator, we are at the forefront of delivering innovative port-related services. With our recent pledge to achieve carbon neutrality by 2032 and Net Zero status by 2042, we are committed to sustainability and driving the expansion of the UK’s renewable energy sector, particularly offshore wind. Now is an exciting time to join our team as we embark on this transformative journey towards a greener future.
WHAT WE’RE LOOKING FOR:
We are looking for an experienced individual with Security GRC experience, or will consider a recent graduate who is keen to develop their skills further, as Forth Ports will provide a structured learning and education pathway linked to professional development. This role requires participation in the on-call/out-of-hours rota, with the capability to provide 24/7 technical support as needed throughout the year; as such, we require flexibility on successful completion of your initial training.
QUALIFICATIONS AND SKILLS:
- Degree educated in a relevant IT-related discipline or certification similar to one of the following:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Security Manager (CISM)
  - Certified Information Systems Auditor (CISA)
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Privacy Professional (CIPP)
  - ISO/IEC 27001 Lead Implementer or Auditor
- Excellent verbal and written communication skills.
- Ability to manage projects effectively and provide advice to end users in an accessible way.
- Competent in the use of MS Office suite.
- Hold a valid UK driving licence.
Preferred:
Specialised knowledge in some of the following:
- Security Governance Frameworks
- Risk Management and Mitigation Strategies
- Regulatory Compliance (e.g., GDPR, NIS2, NIST, ISO 27001)
- IT Security Policies and Procedures
- Security Audits and Assessments
- Incident Response Planning and Execution
- Business Continuity and Disaster Recovery Planning
- Security Best Practices and Trends
- IT Security Compliance Programs Desirable
Responsibilities:
ABOUT THE ROLE
Reporting to the Group IT Security Manager, the Security GRC Analyst is responsible for providing specialist expertise in security governance, risk management and compliance for the company’s IT & Services. The Security GRC Analyst will fully participate in all aspects of developing, maintaining and supporting a high-class IT & Infrastructure Service across the Forth Ports Group.
This role will support the delivery and maintenance of IT Business Continuity and Disaster Recovery plans, ensuring that security policies and procedures are effectively implemented and adhered to, and that the organisation remains compliant with relevant regulatory requirements and industry standards.
KEY RESPONSIBILITIES:
- Develop and maintain the IT security governance framework to ensure consistent and effective security practices across the organisation. Be the point of reference for other members of staff on security matters.
- Project manage medium scale projects throughout the complete project implementation cycle to ensure successful implementations in line with the overall IT objectives.
- Support the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, business continuity exercises and making the changes necessary to address deficiencies.
- Prioritise issues based on the impact to the business and not on a first come, first served basis.
- Conduct thorough risk assessments to identify vulnerabilities, evaluate risks and implement appropriate risk mitigation strategies to safeguard systems and data.
- Continuously monitor and assess the organisation’s compliance with security policies, procedures and regulatory requirements, and take corrective actions as needed.
- Develop and maintain metrics to measure the effectiveness of security policies and procedures, and report on these metrics to senior management.
- Assist IT Management and business colleagues with the implementation of large-scale projects, ensuring that security governance, risk management and compliance requirements are met and that implementations are completed successfully within set timescales and budget.
- Provide guidance to users in the use of the available IT facilities, to help ensure that maximum benefits are gained from these facilities.
- Develop and implement security governance frameworks and solutions that provide maximum benefit to the business and end-users while adhering to cost constraints.
- Ensure all requests for service are handled in accordance with the IT service level agreement and that they are recorded on the helpdesk system in accordance with defined procedures.
- Take all reasonable steps necessary to maintain the confidentiality, integrity and availability of the company’s data (electronic or otherwise). This should encompass such areas as backups, passwords, security, etc.
- Liaise with third party suppliers to ensure contractual agreements are delivered.
- Advise IT Management of any risk or potential risk either technical or business related in the use, deployment and design of the company’s IT systems.
- Ensure that all areas of the computer systems are adequately documented and that the documentation is kept up to date in accordance with defined change control procedures.
- Assume responsibility for coordinating security audits, managing incident response planning, and advising on strategic security initiatives to align with business objectives.
REQUIREMENT SUMMARY
Min: N/A | Max: 5.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Finance
Graduate
Proficient
1
Tilbury RM18, United Kingdom