GRC Specialist

Milton Keynes (GBR)

DS Smith

DS Smith is an international packaging company, offering sustainable, plastic-free packaging, integrated recycling services, and sustainable paper products.

Here at DS Smith, we are looking for a passionate and enthusiastic Governance, Risk and Compliance (GRC) Specialist to join our Digital Security Team.

We are looking for a passionate and enthusiastic Digital Security and Information & Technology professional who wants to develop and grow their career in Governance, Risk and Compliance (GRC) in an interesting and supportive international business.

Our aim at DS Smith is to be the leading supplier of sustainable packaging solutions. We want to become a trusted and strategic partner to our customers, providing innovative packaging solutions for all their needs.

Our Digital Security GRC team supports and enables our business through:

  • Security awareness, training, phishing and culture.  

  • Facilitation of cyber scenario simulations across central and manufacturing site teams. 

  • Supplier assurance and support for customer enquiries.

  • IT risk management process coordination and facilitation.

  • ISO27001 related support, creation of related documentation and continuous improvement.

The GRC Specialist will take ownership of aspects of awareness and phishing campaigns, supplier and customer responses, and risk management facilitation. You will have experience of delivering and working within frameworks such as ISO27001, NIST CSF or similar, be working toward a relevant certification and/or have demonstrable experience as a basis for next steps in Security GRC.

As the successful candidate, you will demonstrate good analytical and problem-solving skills and an ability to plan and deliver outcomes. The GRC Specialist will build effective working relationships across technology and business stakeholders, providing GRC advice and support.

The role may include occasional planned travel (‘on-site’ visits) both within the UK and internationally in support of the business engagement outlined.  

About you   

  • Knowledge and experience working with information security standards and frameworks such as ISO27001, NIST CSF, Cyber Essentials to develop standards and guidelines.

  • Ability to communicate clearly and effectively across all management levels of the company, particularly when articulating complex IT concepts to non-IT stakeholders.   

  • Knowledge or experience of facilitating risk and control processes in a large organisation.

  • Effective time management skills and ability to plan against multiple competing demands.

  • Working toward, or aiming to achieve, professional certifications such as ISO27001 lead, ISC2 certifications, CISM or CRISC would be advantageous.

Benefits  

  • Competitive salary 

  • Company bonus

  • Pension scheme  

  • Life assurance  

  • Income protection  

  • 25 days holiday plus bank holidays 

  • Electric Car/Bike Scheme 

Category: Compliance Jobs

Tags: CISM Compliance CRISC Governance ISO 27001 NIST Risk management

Perks/benefits: Competitive pay Salary bonus

Region: Europe
Country: United Kingdom
