Global Governance Risk & Compliance Analyst

We have a current opportunity for a Global Governance Risk & Compliance Analyst on a permanent basis. The position will be based in London with a leading energy company.
They are one of the biggest contributors to energy security in the UK and a key player in the country's net zero ambitions.

Purpose of Role:
* The GRC Analyst will help manage compliance and assurance activities across all global locations.
* The role will ensure that relevant Policies, Procedures and Processes are defined and kept up to date to reflect global requirements and local variations.
* Ensure that Risks are identified, recorded and managed accordingly, and that Risk actions are tracked and monitored to completion.
* Work with all regional offices to capture any Risk Exception requests and ensure these are identified and addressed in a timely manner.
* The role will be involved with the review and assessment of Key Controls globally within IS, and identifying and escalating any deficiencies within the control assessment process.
* Global training of staff for IS GRC related activities.
* The Global IS GRC Analyst is part of the team who deliver the risk management, control, compliance and assurance programmes within HE Information Systems.

Critical Responsibilities (MAE/MATTE/HSES):
* Ensure that all activities are carried out in a safe manner complying with all regulatory requirements, legislation and HSEQ procedures
* Support internal/external audits and regulatory examinations, providing necessary documentation and information.

Areas of Accountability, Responsibility and Competence:
Risk Management
* Liaise with internal/external auditors and regulatory bodies during audits and assessments, ensuring the timely and accurate provision of information and addressing any findings or recommendations.
* Work with Risk owners to ensure that risk treatment plans are monitored and action tasks are completed in a timely manner.
* Assist with the BIA Process to capture required information for applications and services.
* Contribute to the Third Party Risk Management process with the issue and review of vendor questionnaires, providing direct assistance in their completion where required.

Control Assessments
* Ensure that assessments are regularly conducted, which can identify potential weaknesses in the company's IS Control environment.
* Collaborate with IS teams to ensure the timely remediation of control failings and improvements.
* Provide training and input to control assessments to staff where required.

Remedial Training
* Provide guidance and support to ensure compliance with applicable laws, regulations, and standards, such as the NIST frameworks, ISO 27001 and GDPR
* Work with staff who need additional training to ensure that identified needs are addressed.

Improvement Activities
* Collaborate with IT teams, business units, and senior management to enhance awareness and understanding of IS Security principles, practices, and objectives.
* Ensure the successful delivery of initiatives and projects within the Governance, Risk and Compliance environment
* Foster strong working relationships with key stakeholders to promote effective communication, coordination, and alignment of IS GRC initiatives.
* Provide regular reports, presentations, and updates as required to demonstrate state of GRC function.

Critical Skills, Qualifications, Experience, etc. :
* Proven track record in developing policies and procedures
* Understanding of regulatory requirements, including cross-industry regulations (e.g., GDPR, Data Protection Act) and industry-specific regulations
* Proficient in IT governance and quality standards
* Professional certifications such as CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), ISO 27001 Lead Implementer/Auditor, or equivalent are desirable.
* Advanced Microsoft 365 skills (Excel/PowerPoint) are preferred.
* Proven experience in risk management and cyber risk assessment
* Strong knowledge of IT controls risk assessment methodologies.
* Familiarity with one or more industry frameworks and standards such as ITIL, COBIT, NIST Cybersecurity Framework, and ISO 27001.
* Strong communication skills, both verbal and written, with the ability to present technical information to non-technical stakeholders effectively.
* Demonstrated ability to work independently, manage multiple priorities, and meet deadlines in a fast-paced environment.
* Ability to influence and collaborate with cross-functional teams.

Our role in supporting diversity and inclusion
As an international workforce business, we are committed to sourcing personnel that reflects the diversity and values of our client base but also that of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, and age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.

JOB SUMMARY
Global Governance Risk & Compliance Analyst
London
3 months ago
Mid-level
Full-time