Department environment

The Technical Governance, Risk and Compliance (Tech GRC) manage the non-financial risk management, project management of internal and external assurance programmes, third party risk management, business continuity planning among responsibilities.

We are a flexible function that has a very broad remit across the business, we value adaptability and the ability for individuals to operate in ambiguous situations.

Key Responsibilities of the role

You will be responsible for the Risk Programme, Third Party Risk Management and Cyber Assurance in Copper and you key responsibilities will include:

• Undertaking regular reviews of the Risk Management standards in line with best practices and industry standards. Embedding requirements into key business processes.
• Implementing tools and processes to help automate and streamline all aspects of Risk Management.
• Acting as subject matter expert and advise on the design and implementation of key security controls. Deliver related communications, training, and awareness. Partner with teams across technology and the business to ensure compliance requirements are understood.
• Coordinating engagements with internal and external auditors. Supporting third-party assessments including due diligence activity, compliance questionnaires, vendor assurance, and RFPs.
• Determining and advising the business on appropriate improvements for business processes and controls.
• Conducting assurance testing on control effectiveness and provide recommendations, manage remediations and facilitate discussion on improvements.
• Monitoring and reporting on control gaps, ongoing risks to the business and track using treatment plans.

Your experience, skills and knowledge

• Practical and technical GRC experience in an Information Security GRC position or a role that is focused on policies, standards and frameworks.
• Knowledge and experience of security, industry, and regulatory compliance frameworks and drivers such as NIST, ISO, SOC2, GDPR.
• The ability to identify, analyse and propose mitigating actions for risks in cloud-native environments.
• Experience in training and awareness.
• The skills and experience to explain technical concepts to colleagues in the context of business requirements.
• Knowledge of cryptocurrency and blockchain technologies.
• Strong stakeholder engagement skills, including education around topics such as risk management, and governance.

Desirable

• Risk Management certifications, Security Certifications (CISA, CISM, CISSP, ISO27001) or other relevant certifications

The benefits offered

• 25 days annual leave a year​in addition to bank holiday entitlement (additional days annual leave, capped at 30days)​
• BUPA Private medical care:Individual​
• BUPA Private Dental care:Individual​
• Pension matched up to 10%​
• Home Working Energy Supportsscheme
• Classpass membership
• Unmind membership

In return for everything you can bring to Copper, we can offer you an exciting, challenging role in a fast-growing and dynamic business, with career opportunities and welcoming working environment.