Are you a Risk and Compliance Analyst looking to promote transparency and accountability? Do you want to work with internal teams to strengthen internal control systems? We are looking for an Analyst to join our Risk and Compliance team to ensure there are high standards of risk management, governance and compliance within REPL Group. You’ll be establishing and maintaining an effective Information Security Management System alongside conducting internal audit and compliance activities, ensuring strict adherence to both the Company’s internal policies and regulatory and statutory requirements. You will have the opportunity to work with external agencies to audit Company compliance with information security standards and also work with the wider business to ensure relevant certifications are achieved and maintained.
REPL is an equal opportunity employer and we know the value of a diverse and inclusive workforce. We have very active communities for Women in Tech, Automation and Innovation and we are also actively involved in the local community.
What you’ll be doing:
- Participate in the design, implementation, operation and maintenance of the Information Security Management System (ISMS) based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001 where applicable.
- Prepare, distribute, and maintain REPL-wide policies, procedures, plans, instructions, and guidance concerning information security.
- Work with the general counsel and businesses to ensure both existing and new services comply with information security obligations.
- Provide input on security requirements to be included in statements of work and other appropriate procurement documents.
- Review and contribute to information security statements & commitments to be included in requests for information, statements of work and other appropriate procurement documents.
- Work with legal and management to ensure the organisation has and maintains appropriate privacy and confidentiality consent, authorisation forms and information notices and materials reflecting current organisation and legal practices and requirements.
- Provide documents, reports, and audit results and other information to relevant management as required.
- Log and monitor protective or corrective measures when a security incident or vulnerability is discovered or when identified by other means.
- Implement, review and maintain internal audit work programmes and the audit plan, and drive the development, deployment and update/review of relevant policies, procedures and other frameworks.
- Perform audits through the review of physical and electronic records, evaluate the level of compliance with established business policies, processes, procedures, standards, laws and regulations, identify control weaknesses or process improvement opportunities and ensure workable solutions are initiated.
- Maintain record of internal audit materials for easy retrieval and reference and monitor the document management process across the Company.
- Track timely and effective corrective actions taken following audit recommendations.
- Monitor and report compliance with contractual, regulatory and statutory requirements across all business areas.
- Develop and maintain a record of personal data processing activities in compliance with the GDPR, in particular looking at the nature, scope, context and purposes of processing.
- Maintain departmental registers (e.g. Improvements Register, Incident Register, ISO 27001 Implementation Project Risk Register).
- Participate in the Risk Management process to identify security risks and to apply appropriate treatment and control.
- Support necessary and ‘best practice’ compliance activities (e.g., ensure awareness and accessibility of policies and procedures, ensure compliance monitoring occurs).
- Keep up to date on developments with regard to Information Security, ensuring REPL processes are updated accordingly.
- Maintain the Health & Safety Management System including appropriate records and documentation.
- Conduct Health & Safety Risk Assessments and audits.
- Carry out other appropriate responsibilities as may be required.
What we’re looking for:
- Good verbal and written communication skills
- Computer Literacy
- Analytical and Critical Thinking Skills
- Hard work and Quality Focus
- Honesty and Reliability
- Collaboration and Resilience
- Objectivity and Independence
- Passion and Commitment
- Innovation and Attention to Detail
- Information Technology (IT) General Knowledge
- Result-orientation and Responsibility
The role is based in our Henley-in-Arden office with some remote working available.