We are looking for a GRC Analyst to be a part of the Governance, Risk and Compliance (GRC) function of the Information Security team at Clarivate. This is a dynamic team that works across the company at all levels. If you have a skill set and experience in information security and project management, we would love to speak with you.
About You – experience, education, skills, and accomplishments
- BSc degree graduate in a relevant field or equivalent technical training.
- Security certifications – CISO, CISSP and/or CISM preferred.
- 1+ years demonstrated experience in Information security at a global company
- Experience with at least one of the following: ISO 27001/2, PCI, AICPA SOC 2 (SSAE 18)
- Project management skills to drive projects and initiatives across multiple departments
- Excellent English communication skills
It would be great if you also had
- Experience in creating and implementing processes
- Knowledge of risk assessment and security baselines
- Knowledge of ISO Certifications and NIST standards
- Experience handling tasks in a matrixed organization
- Ability to multitask
What will you be doing in this role?
- Implement the key initiatives/projects focused on the reduction of security risks, governance, and compliance.
- Participate in security and privacy compliance assessments on new and existing systems, processes, and technologies.
- Support internal and external audit processes such as ISO 27001/ISO 27002, SSAE 18 and leading standards for Information Security
- Enhance operational effectiveness of audit activities to further align to company strategy and risk management
- Assist with education and awareness programs to promote security and privacy in the company.
- Inform the CISO or DPO regarding security and privacy concerns and recommend courses of action
- Tactically maintain and operate the risk management systems
- Participate in completing security questionnaires, contract reviews, RFPs, and tenders
- Review proposed changes on an ongoing basis to determine the impact on security and privacy
About the Team
The Governance, Risk and Compliance (GRC) team in Clarivate exists as part of the overall Information Security team headed up by our CISO within the Technology Group. The GRC Compliance Team is a part of the GRC team. It spearheads initiatives that further the organization’s compliance goals and is responsible for assessing and guiding the company’s compliance stance for Information Security in alignment with industry standards (ISO 27001, SOC 2, PCI-DSS, SOX, ISO 27017, ISO 27032, etc.) along with contractual requirements agreed with the customers.
Benefits
- Holidays: 25 days paid leave per annum
- Private Health Insurance
- Paid Lunch
- Yearly Bonus
- Yearly Merit Plan
- My Learning Platform
- Fit Pass
- Life Insurance
- Accident Insurance
- Company bicycles for rent free of charge
Hours of Work
This is a permanent full-time position, with core engagement hours within the CET time zone.
This is a hybrid position; you will be expected to work from our Belgrade office 3 days every other week.
Please note that only shortlisted candidates will be contacted.
At Clarivate, we are committed to providing equal employment opportunities for all persons with respect to hiring, compensation, promotion, training, and other terms, conditions, and privileges of employment. We comply with applicable laws and regulations governing non-discrimination in all locations.
What We Do
Clarivate™ is a global leader in providing solutions to accelerate the lifecycle of innovation. Our bold mission is to help customers solve some of the world’s most complex problems by providing actionable information and insights that reduce the time from new ideas to life-changing inventions in the areas of science and intellectual property. We help customers discover, protect and commercialize their inventions using our trusted subscription and technology-based solutions coupled with deep domain expertise. For more information, please visit clarivate.com.