Information Security GRC Analyst

Natalia Yushina

Copper is seeking an information security GRC analyst to help implement and mature our Governance, Risk and Compliance program across the organisation. Joining one of the most exciting Digital Assets/Fintech startups in London, you will get to work in a complex cloud-first organization on a global scale. If you are passionate about crypto and all things security and compliance, and love fast-paced environments, we would love to hear from you.

Job Responsibilities

  • Undertake review, design and implementation of IT security standards in line with best practices and industry standards. Embed requirements into key business processes. Implement tools and processes to help automate and streamline all aspects of GRC
  • Act as subject matter expert and advise on the design and implementation of key security controls. Deliver related communications, training, and awareness. Partner with teams across technology and the business to ensure compliance requirements are understood
  • Coordinate engagements with internal and external auditors. Support third-party assessments including due diligence activity, compliance questionnaires, vendor assurance, and RFPs
  • Develop and implement ISMS. Maintain processes and documentation to support compliance in a manner that can be evidenced in relation to industry and regulatory drivers such as ISO27001 and SOC2
  • Determine and drive appropriate improvements
  • Conduct assurance testing on control effectiveness and provide recommendations.
  • Monitor and report on compliance gaps

About You

  • Practical and technical GRC experience in an Information Security GRC position or a role that is focused on policies, standards and frameworks
  • Ability to identify, analyse and propose mitigating actions for GRC risks in cloud-native environments
  • Experience in policy and procedure creation, technical assurance testing, security training and awareness, third-party management. Ability to explain technical concepts to colleagues in the context of business requirements
  • Working knowledge and experience of security, industry, and regulatory compliance frameworks and drivers such as NIST, ISO, SOC2, GDPR
  • Knowledge of cryptocurrency and blockchain technologies
  • Strong stakeholder engagement skills
  • Detail-oriented, delivery-focused, and able to manage multiple work streams simultaneously
  • Good written and verbal communication skills

Nice to have

  • Information Security / Cyber Security degree
  • CISA, CISM, CISSP, ISO27001 LA, GDPR Foundation or other relevant certifications
  • Your own crypto portfolio