Cyber Security Analyst

We are seeking a GRC (Governance, Risk, and Compliance) Analyst to join our client’s security team in Dublin. This role will be crucial in a fast-paced environment where you'll be responsible for ensuring our security posture aligns with key regulatory frameworks and industry best practices. The ideal candidate will have deep expertise in ISO 27001, NIST, and DORA.

Responsibilities

• Compliance & Governance: Lead the implementation and maintenance of security frameworks, specifically ISO 27001, NIST CSF, and the new DORA regulation.
• Risk Management: Conduct detailed risk assessments and gap analyses to identify vulnerabilities and compliance gaps against specified frameworks.
• Audits: Coordinate and support internal and external audits, including preparing evidence and documentation for auditors. You will be the point of contact for audit inquiries.
• Policy & Procedure: Develop, update, and manage security policies, standards, and procedures to ensure they align with the latest regulatory requirements.
• Reporting: Create and present clear, actionable reports on our compliance status, risk posture, and remediation efforts to both technical teams and senior leadership.
• Remediation: Track and facilitate the remediation of identified control gaps, collaborating with various teams to ensure timely resolution.

Skills & Qualifications

• Experience: At least 3-5 years of experience in a GRC, information security, or IT audit role.
• Technical Expertise: A comprehensive and practical understanding of ISO 27001 and its implementation. Experience with NIST frameworks (e.g., CSF, SP 800 series) is essential.
• DORA Knowledge: A strong understanding of the Digital Operational Resilience Act (DORA) is a key requirement. You must know what it entails and how to apply it within a financial or IT services organization.
• Certifications (Preferred): Relevant professional certifications are highly desirable, such as ISO 27001 Lead Implementer/Auditor, CRISC, CISA, or CISSP.
• Communication: Excellent communication and stakeholder management skills. You must be able to translate complex security and compliance requirements into a business context for non-technical audiences.
• Problem-Solving: Strong analytical and problem-solving abilities, with a meticulous attention to detail.