Governance Risk And Compliance Analyst (1559)

We are recruiting for an experienced **Governance Risk and Compliance Analyst **to join the **Security Governance Team**, part of **Group Security **based in Manila.
The role will play an essential part in defining and delivering the **internal security audit program** and leading external **security audits**.
The role will be responsible for ensuring the appropriate development of our **Information Security Management System (ISMS)** to ensure continued compliance with **ISO 27001 **and the ability to effectively communicate this compliance at our external audits.
In addition to **ISO 27001 compliance**, this role will support the continued attainment of **Cyber Essentials certification **and other security certifications as appropriate.
**Why should you join Cambridge?
**

Our mission is to contribute to society through the pursuit of education, learning, and research at the highest international levels of excellence.
Which is why every year, we give vital support to millions of people in more than 170 countries around the world.
From teachers and learners to researchers and academics, we help to build confidence, unlock potential, and enable success.
We give people the opportunity to show what they've learnt, we spread knowledge, spark enquiry, and aid understanding.
We achieve this by embracing change, and continuously focusing on our customers' needs.
And by collaborating, and carefully listening to our customers and to each other, we keep moving forward, keep innovating, and keep finding newer and better ways of doing things.
When you join Cambridge, you get the best possible combination of a supportive, caring environment, balanced with work that brings out the best in you.
You will have access to learning and development opportunities, and business tools essential for your role so that you can perform at your peak.
**What can we offer you?
**

In this role, you will collaborate with colleagues across different areas of the business and branches.
It is an opportunity that will enable you to widen your horizon by learning from other cultures.
The role is pivotal to the success of our team in helping the organisation to maintain confidentiality, integrity and availability of our assets.
There are no limits to the opportunities afforded to learn best practices in this field, work with new and exciting technologies, and collaborate with highly talented people.
The Security Governance team covers a wide range of functions and there are always opportunities to try something new, enhance your skillset or collaborate with different teams.
On top of these, working with Cambridge will also give you stability.
We show our care for our people by allowing them to grow not just professionally but also personally.
We promote work-life balance through flexible work schedules, hybrid work arrangements, and generous paid leaves.
In addition, you will be entitled to our health care benefits with coverage for dependents, group life insurance, and robust wellbeing programs right on the first day of joining us.
**What will you do in this role?
**

Working under the supervision of the Head of Security Governance in the UK, you will:

- Develop and deliver an internal audit programme assessing Cambridge compliance with security policies and the effectiveness of controls in place
- Take responsibility for the day to day management of the Information Security Management System (ISMS)
- Lead on the management and coordination of the security aspects of Cambridge responses for external security audits, including ISO 27001, and requests for information/assurance from customers / potential customers.
- Manage the maintenance of compliance with all certifications such as 27001, Cyber Essentials and HMG Security Policy Framework as requested for regulatory purposes and best practice,

\You will be ideal for this role if you have around 3 years of experience of managing all the requirements of an ISMS, led external ISO 27001 audits, conducted internal IT audits and have excellent communication skills at all levels

In addition, experience, knowledge or expertise in the following would give you an advantage:

- ISO 27001 Lead Auditor/ Implementor
- CISA, CISM or CRISC
- Security frameworks and standards eg CIS, NIST etc
- Knowledge of Cyber Essentials