Information Security Analyst (GRC Analyst)
About the role
Reporting to the Information Security Manager, the Information Security Analyst plays an important role in ensuring the security posture of the Monument Re group. The role-holder will possess a good understanding of security controls, risk management, security awareness programs and information security governance and have experience of delivering security assurance activities to ensure security standards and regulatory requirements are met.
Responsibilities
Governance, Risk & Compliance (GRC)
- Support the development, maintenance and enforcement of information security policy, standards and procedures.
- Maintain and improve the Monument Re risk management framework aligned with industry standards such as ISO27001 and regulatory requirements such as DORA.
- Document, manage and track security risks on the information security risk register and report key risk indicators (KRIs) and metrics as part of periodic management reporting.
- Conduct periodic risk assessments and risk and control self-assessments (RCSAs) to identify risks and assess control effectiveness.
- Work with IT teams to ensure security controls are in place and effective.
- Support internal and external audits, ensuring Monument Re’s control landscape meets internal and external compliance requirements, logging and tracking findings through to resolution.
- Prepare and present periodic risk and compliance reports to governance forums across the Monument Re group.
Security Awareness
- Design and deliver engaging security awareness programs and phishing simulations.
- Develop training materials tailored to different roles and departments.
- Monitor training effectiveness and adjust content based upon user feedback and threat trends.
- Promote a culture of security through campaigns, newsletters and events.
Third-Party Security Assurance
- Provide support for the Third-Party Security Lead’s vendor and outsourcing risk management responsibilities.
- Work with Monument Re’s technical teams, security suppliers and vendor management teams to conduct security assurance on third-party vendors as needed.
- Ensure Monument Re maintain compliance with all DORA-driven requirements.
Role Requirements
- Minimum of 3 years' experience in a similar GRC or information security role.
- Good experience of working in a regulated environment, ideally financial services.
- Understanding and experience of security risk management practices, including working in partnership with second-line risk functions.
- Strong understanding of security control frameworks such as ISO27001 and CIS Top 18.
- Ideally, experience of the technical aspects of security as well as governance, risk and compliance, particularly vulnerability management controls such as Rapid7, and Microsoft 365 / Azure security controls.
- Experience of planning and delivering security awareness campaigns and phishing testing.
- Experience with working in partnership with vendor management, information technology and risk functions.
- A thorough understanding of DORA and the regulatory requirements for operational resilience is desirable; however, training will be provided to close any knowledge gaps.
- Ability to work independently and think proactively.
- Ability to deliver results through collaboration and influencing of internal and external stakeholders.
- Ability to effectively communicate with all stakeholders, explain risk and advocate for the implementation of required security controls across internal and external (third-party) communities.
- Experience of representing the information security function in management forums and periodic vendor review meetings to report on and articulate security risk as well as make recommendations to mitigate or close these risks.
- Good interpersonal, written and verbal communication and engagement skills with experience of engaging with all levels of employees and external partners.
- Must have high attention to detail; be a self-starter and able to prioritize in a fast-moving, high-pressure, constantly changing environment; high sense of urgency.
- Be energetic and passionate, with a positive attitude.
- Holder of relevant security certifications (ISC2, ISACA, ISO audit/implementation etc.) or equivalent training/experience.
- Excellent English language skills. French language skills a plus.
- Periodic overseas travel may be required to deliver on-site assessments and audits.
Location
Dublin, Ireland.
Hybrid.
Closing Date
30th June 2025
Equal Opportunities Statement
Monument Re is an equal opportunities employer.