GRC Cybersecurity Analyst
Introduction & Summary
The role of the GRC Cybersecurity Analyst is to ensure the structuring, monitoring, and continuous improvement of Governance, Risk, and Compliance (GRC) practices in the company, ensuring compliance with regulations, internal standards, and industry best practices. This position plays a strategic role in mitigating risks, protecting the organization's assets, and promoting a culture of security and compliance.
Main Responsibilities
- Identify, assess, and monitor cybersecurity and compliance risks.
- Ensure implementation and compliance with applicable standards and regulations (e.g., GDPR, ISO 27001, NIST CSF, NIS2).
- Support internal and external audits, ensuring adequate preparation and response to security findings.
- Develop and maintain GRC policies, standards, and frameworks aligned with market best practices.
- Collaborate with internal teams to ensure effective implementation of security controls.
- Conduct periodic assessments and reviews to continually improve security practices.
- Define and track risk and compliance KPIs and metrics.
- Prepare reports for management on the status of security and identified risks.
- Participate in the definition and execution of security incident response plans.
- Develop and promote security and compliance awareness programs for employees.
- Act as a strategic partner to the IT, Legal, and Business teams in risk management and compliance.
- Provide support in assessing supplier and third-party risks.
Key Requirements
- Strong knowledge of governance, risk management, and compliance in cybersecurity.
- Experience with relevant regulations and standards (e.g., GDPR, ISO 27001).
- Proficiency in risk assessment and management methodologies.
- Ability to work collaboratively with cross-functional teams.
- Excellent communication skills, both verbal and written.
Nice to Have
- Experience with security incident response and management.
- Knowledge of cybersecurity frameworks (e.g., NIST CSF, CIS Controls).
- Certification in relevant areas (e.g., CISA, CRISC, CISM).
Other Details
This position supports the organization's ongoing risk management efforts, with a focus on continuous improvement and compliance within the cybersecurity domain. Remote work options available.
Seniority level
- Not Applicable
Employment type
- Full-time
Job function
- Information Technology
Industries
- IT Services and IT Consulting
Detailed information about the job offer
Company: emagine
Location: Lisboa
Lisboa, Lisboa, Portugal
Published: 9.7.2025