This position is open in Malaga and Madrid; you should be based in one of these cities or willing to relocate and work in a Hybrid model (3 days at home and 2 in the office). The Governance Risk and Compliance (GRC) Analyst is responsible for supporting the operational development and implementation of an effective enterprise-wide industry aligned GRC framework. We are looking for someone with a minimum of 2 years' experience in similar roles and a demonstrable track record of delivering tangible outcomes in complex organizations.As the GRC Analyst, you will be familiar with industry standards in information security and be able to support the development of an approach to risk management, compliance and control implementation that balances the need for robust security with the need to allow the business to achieve its goals. Navigating a complex environment, you should be comfortable collaborating with technical teams and coordinating with business stakeholders to articulate security requirements and drive a proactive security by design approach in support of enterprise projects. If you have a positive mindset, can map risk to business value with a practical, adaptable, and innovative approach then this is the role for you!ResponsibilitiesSupport the Head of GRC in designing, implementing, and maintaining all aspects of the Information Security Management System (ISMS) across the organization working with key stakeholders such as IT Operations, Procurement, Legal, HR, Commercial, Marketing, and Finance.Conduct detailed risk assessments across a broad scope of enterprise systems, projects, and technologies. Drive risk remediation activities and produce actionable insights and reporting in support of the CIO and wider group initiatives.Draft, review and maintain Information Security policies, standards, procedures, and guidelines to enhance the delivery of an embedded governance program.Provide Information Security subject matter expertise in collaboration with cross-functional teams and external partners in support of enterprise projects.Contribute to the development of security requirements, conduct assessments of the security controls environment, and provide practical recommendations for control implementation to drive assurance across enterprise projects.Design, implement and maintain an effective training and awareness program to foster a positive security culture and embed security best practices. Generate creative solutions to drive engagement and awareness with measurable outputs.Contribute to the development of a practical third-party risk management program using a scalable, measurable and automated approach.Contribute to the evolution of GRC capabilities to ensure we continually mature and maintain a proactive posture. Support the management and maintenance of all tooling for delivering GRC capabilities into the organization.#J-18808-Ljbffr