Location: Surbiton
Salary: Competitive plus package
Working hours: 9:00am - 5:00pm, 35 hours per week, Monday - Friday
Benefits: Car Allowance, 25 Days Holiday + BH, Company Pension, Private Healthcare, Company Sick Pay, Flex Benefits (EMCOR UK discount scheme)
About EMCOR UK:
At EMCOR UK, we revolutionise facilities management by combining our engineering heritage and innovation capability. We prioritise people in everything we do, collaborating closely with our customers to understand all their needs, from the big picture to day-to-day operations. Our purpose is to “create a better world at work”. Using our unique insight platform, "One Data World," we harness data-driven intelligence to make informed decisions, adapting our services to meet our customers’ evolving requirements. This allows us to cultivate an enhanced workplace experience for their teams whilst optimising efficiency, meticulously managing every asset, and minimising their impact on the planet. All supported by our commitment to safety, compliance, and assurance. Our partnering approach empowers our customers to shape a better future. Whether guiding their path to net zero or redeveloping their facilities for enhanced efficiency, we create better places for work whilst taking away the burden of facility operations, freeing up our customers to concentrate on their business.
Job Purpose:
As a member of the Information Security team, the Information Security GRC Analyst is responsible for supporting the operation, maintenance, and maturity of EMCOR UK’s Information Security Program, protecting EMCOR UK’s information assets and technologies. This includes enhancing the information security management system, supporting the risk management process, and monitoring external threats.
Production and maintenance of information security documentation and training, as well as monitoring the security toolsets employed, form part of the daily undertakings.
Any subsequent remedial activities will be key to the successful implementation and management of a secure estate.
Duties:
- Monitor, maintain, and mature the information security management system (ISMS) and information security program to ensure the integrity, confidentiality & availability of all information assets.
- Day-to-day management and maturity of information security risk identification and remediation of identified information security concerns for the organisation and third-party suppliers.
- Contribute to the successful completion of external and independent information security related audits.
- EMCOR UK is subject to ISO27001, ISO27017, ISO27701, ISO22301, Cyber Essentials Plus, IASME Governance, and Sarbanes-Oxley.
- Conduct and document internal audits to support the information security program.
- Assist with the completion of information security related enquiries and responses to current and potential clients.
- Contribute to information security incident response activities.
- Contribute to the Subject Access Request and eDiscovery process.
- Ensure adherence to legal and regulatory compliance governing information security, and to industry best practices.
- Monitor security operations toolsets to include SIEM, vulnerability management, endpoint protection, endpoint detection and response, intrusion detection, and threat intelligence.
- Provide security reporting related to information security governance, risk, and compliance.
- Day-to-day management and maturity of the information security training and awareness programmes.
- Monitor the external environment for emerging information security threats, trends, and legal and regulatory changes, and assist the Head of Information Security with any appropriate courses of action.
- Contribute to the identification and remediation of information security related corrective actions.
- Contribute to the information security objectives and roadmap.
- Identification, documentation, and monitoring of information assets including personally identifiable information.
- Actively monitor the EMCOR UK digital footprint and suggest remediation actions where appropriate.
- Ability to effectively work as part of a team and communicate with stakeholders across both technical and business teams.