GRC Analyst
Top Skills Recruitment is a recruitment agency established by professionals with many years of
experience in Business Process & IT Outsourcing. Our higher aim is to find and bring out the
best in our candidates so they can land their desired job and at the same time deliver high
standard services to our clients. We assist people in their quest for the right career opportunity.
Our client is a truly international company. An inclusive, innovative global FMCG
with over 27,500 employees operating across 120 markets.
As they embrace a new era of growth, they’re transforming. With consumers
at the center of everything they do, their ways of working and culture are driven
by a challenger mindset, where people can challenge the status quo and bring
their best selves to work.
Their agility and collaboration are driving their ambitions, innovation
and success, all supported by their award-winning development programmes that
create exciting and rewarding opportunities for all.

Job Profile:

✔️ The IT Governance, Risk, and Compliance (IT GRC) Analyst (GRCA) is responsible for
evaluating the compliance and risk posture of Imperial Brands’ information assets. The
GRCA will also provide stakeholders with advice on addressing compliance gaps and
risks that have been identified.

✔️ The GRCA provides technology risk and information security expertise to the Global IT
function and drives the implementation of IT risk management processes within Global

✔️ The GRCA’s responsibilities require technical expertise to influence effective risk
analysis, compliance with Global IT standards, and awareness and education, and to lead
the development of policies, standards and guidelines.

✔️ This role will work closely with Cybersecurity, Application Operations, Solution
Delivery and other teams within Global IT as well as the Information Security,
Procurement, Privacy and Legal functions to build a strong understanding and acceptance
of IT GRC practices.


✔️ 4+ years of experience with IT Governance, Risk, and Compliance management in a
large global environment.

✔️ Demonstrated proficiency in assessing and designing internal controls for information
security in an enterprise-level environment.

✔️ Strong understanding of one or more industry frameworks and compliance regulations:
e.g., NIST Cybersecurity Framework, ISO 27001, PCI-DSS, International Privacy
requirements (EU-US Privacy Shield, GDPR)

✔️ Excellent communicator and ability to work with partners from a diverse set of

✔️ Understanding of fundamental information security concepts and technology, and
previous exposure to cloud security, data processing, hardware platforms, enterprise
software applications, and outsourced systems.

✔️ Manage priorities and work both independently and as part of a team.

✔️ CRISC, CISA, CISSP or other well-recognized IT governance or security certifications

What the company offers:

Our client offers a competitive package of salary, bonus scheme, health insurance and (25/29) days holiday. 

If you recognize yourself, do not hesitate to send us your CV in English.


All applications will be treated as strictly confidential.


Only short-listed candidates will be contacted.


License for recruitment for Bulgaria: № 2399 / 15.11.2017.

License for administration and protection of personal data issued: № 432025 / 23.10.2017