Lead Information Security Analyst, GRC (cybersecurity)

TL;DR

Lead Information Security Analyst, GRC (Cybersecurity): Designing, operating, and improving ISO 27001-aligned governance, risk, and compliance program with an accent on Integrated Risk Management, Third Party Risk Management, and security control effectiveness. Focus on defining responsible AI use guardrails, conducting risk assessments for AI/ML use cases, and embedding security into engineering initiatives.

Location: Edinburgh, Scotland (hybrid, minimum 2+ days onsite per week). Candidates must live within a commutable distance or be willing to relocate. Export control restrictions prohibit nationals of certain embargoed countries without an export license.

Company

Leader in mixed-signal processing for top consumer brands, driven by innovative engineering solutions and award-winning inclusive culture.

What you will do

• Lead operation and improvement of ISO 27001-aligned ISMS, including policies, standards, and controls.
• Develop and manage security policies, standards, exceptions, and risk-based decisions.
• Conduct security risk assessments for new systems, initiatives, and AI/ML use cases, partnering with IT and business.
• Execute third-party risk assessments, review questionnaires, and ensure compliance.
• Analyze risks, prioritize remediations, and report to leadership using GRC tools like ServiceNow.
• Support audits, privacy obligations, and AI governance frameworks.
• Collaborate globally with engineering, IT, and business teams to integrate security and risk practices.

Requirements

• Proven GRC, risk management, and compliance experience in global environments.
• Bachelor’s in cybersecurity, information systems, or equivalent experience.
• Hands-on with ISO 27001, NIST CSF, and related frameworks.
• Experience in integrated and third-party risk management.
• Technical fluency in IT/security domains and GRC platforms like ServiceNow.
• Strong analytical, communication, and independent execution skills.

Nice to have

• High-tech, engineering, or semiconductor experience.
• Certifications: ISO 27001 Lead Implementer/Auditor, CISSP, CISM, CISA, CRISC.

Culture & Benefits

• Hybrid flexibility from Edinburgh office, depending on business needs.
• Inclusive culture valuing diversity, collaboration, and different perspectives.
• Global team across time zones with focus on meaningful employee experiences.
• Commitment to community engagement and professional growth.