GRC Analyst

UK London
Information Technology – Information Security
Employee - Regular/Permanent
Hybrid
Inclusion at Bumble Inc. 

Bumble Inc. is an equal opportunity employer and we strongly encourage people of colour, lesbian, gay, bisexual, transgender, queer and non-binary people, veterans, parents, people with disabilities, and neurodivergent people to apply. We're happy to make any reasonable adjustments that will help you feel more confident throughout the process; please don't hesitate to let us know how we can help.
In your application, please feel free to note which pronouns you use (for example: she/her, he/him, they/them, etc.).


Working within the GRC function of the Information Security department, you will deliver risk assessments in order to lower the organisation's exposure to risk and to manage risks that are not mitigated. You co-ordinate the Information Security contribution to an ERM function by managing all cyber aspects of the risk register. You will work together with multiple stakeholders, both internal and external, in order to meet compliance obligations that are related to risk assessment and management, producing documentation and reporting as required.

Experience We Are Looking For

    • Proficient in 3rd party vendor/supply chain risk assessments and management
    • Familiar with leveraging common cyber-score-carding services
    • In-depth knowledge of supply chain compromise tactics, techniques, and risk identification, in both a corporate and software development/systems management environment
    • Familiar with consuming 3rd party SOC2 Type 2 reports
    • Familiar with consuming penetration test reports and vulnerability reports
    • Experience in information asset risk assessments and risk management at the organisation level in support of ISO27001
    • Experience in contributing towards an ERM function
    • Experience in working with SOX audit requirements and associated risk management
    • Experience with PCI-DSS assessment requirements and associated risk management
    • Experience in risk mitigation and risk treatment techniques
    • Experience in risk register management and review
    • Excellent communication and teamwork skills
    • Ability to multi-task and context switch between multiple stakeholders
    • Good analytical skills, problem-solving and interpersonal skills

Role and Responsibilities

    • Primarily responsible for supply chain risk assessments and management
    • Co-ordinate and execute risk assessments in support of ISO27001 certification requirements
    • Manage the Information Security aspects of the enterprise risk register
    • Contribute towards compliance objectives of both SOX and PCI-DSS
    • Contribute to establishing, developing, and revising processes to manage risk
    • Creation of reports, dashboards, and metrics for risk management for both internal and external consumption
    • Coordinate with stakeholders, building and maintaining positive working relationships with them: Procurement, Legal, Internal Audit, external auditors and assessors, as well as information asset owners

About Us

Bumble Inc. is the parent company of Bumble, Badoo, Fruitz and Official. The Bumble platform enables people to build healthy and equitable relationships, through kind connections. Founded by Whitney Wolfe Herd in 2014, Bumble was one of the first dating apps built with women at the center and connects people across dating (Bumble Date), friendship (Bumble BFF) and professional networking (Bumble Bizz). Badoo, which was founded in 2006, is one of the pioneers of web and mobile dating products. Fruitz, founded in 2017, encourages open and honest communication of dating intentions through playful fruit metaphors. Official is an app for couples that promotes open and honest communication between partners and was founded in 2020.