GRC Technical Writer
About us
We are Digital Science and we are advancing the research ecosystem.
We are a pioneering technology company, and our vision is of a future where a trusted and collaborative research ecosystem drives progress for all. We believe in better, open, collaborative and inclusive research. In creating the next generation of tools and working in partnership with the community we tackle some of the biggest challenges to research. In order to achieve our vision, we need innovative, inspiring and dynamic people to join our team. Want to join us?
Your new role
As our GRC Technical writer, you will be part of our Information Security team, overseeing our Governance, Risk and Compliance documentation. This role partners with several areas of Digital Science and adds value through contributing to a robust compliance framework to meet our ever evolving compliance requirements. You will be a member of a new sub-team, primarily responsible for the delivery and maintenance of compliance specific to large, US (Federal) customers with enhanced security and privacy requirements alongside providing support to the wider organization. This is a very important role which requires a high standard of communication and stakeholder management.
This role (due to Federal requirements) can only be satisfied by a “US citizen, US national, or US person” and additional checks may be required.
What you’ll be doing
- Work with the stakeholders from across the group, our customer-base and third-party vendors/partners, to embed and enhance InfoSec compliance for products, services and business units under your purview.
- Writing, reviewing and updating information security policies, procedures, standards and guidelines spanning across several frameworks including FedRAMP, NIST and ISO 27001 primarily.
- Managing and maintaining a documentation inventory using existing GRC tool(s).
- Assist in drafting responses to risk assessments and where appropriate, audit responses and security questionnaires.
- Advising on the implementation of security controls, risk frameworks and alignment with regulatory and compliance frameworks.
- Assist in auditing controls across multiple security frameworks to identify gaps
- Collaborate with subject matter experts across the organization as a bridge between technical and infosec functions.
- Provide customers and auditors with documentation relating to security assessments and audits.
- Reporting to CISO, Deputy CISO, senior management and stakeholders in order to understand the performance of the system.
What you’ll bring to the role
- You will have a demonstrable track record in GRC technical writing and tooling (Ideally utilizing Hyperproof or similar)
- You have significant, expert, professional experience in Information Security Compliance with demonstrable expertise spanning several frameworks simultaneously e.g. FedRAMP (to at least ‘moderate’ level), DoD IL4 and NIST-800 (53 and 218 at a minimum).
- You have parallel knowledge of ISO/IEC 27001 and 27701 in order to compare, contrast and advise on meeting requirements and controls required to achieve and maintain FedRAMP compliance.
- You will have successfully contributed to a FedRAMP implementation programme utilizing consultants, third-parties and internal resources.
- You’re highly organized and have the ability to work on intricate details without losing the big picture
- You’ll be a strong communicator and comfortable communicating with people at all organizational levels and leading conversations around recommendations for improvements
- You have a collaborative approach to how you work and ensure all groups are communicated with and understand your process and approach
- You’re a self learner and have an inquisitive mind
- You’re resourceful and solutions focussed, making practical considerations for all groups involved
- You’re a natural problem solver and have strong analytical skills
- Bachelor degree in English, Technical Communication, Information Systems or a Cyber Security related field, and/or equivalent Information Security related certifications.
Living our Values
We invest in, nurture and support innovative businesses and technologies that make all parts of the research process more open, efficient and effective.
The talent we secure is fundamental to us achieving our vision and our growth plans. The values we live by are:
We are brave in the pursuit of better
We are collaborative and inclusive
We are always open-minded
We are from and for the community
We're an equal opportunity employer. All applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status
Additional Information
Please note that, in light of vaccination mandates for US Government contractors, Digital Science requires that all US-based employees are fully vaccinated against COVID-19, subject to approved accommodations.
About Digital Science
Digital Science is a technology company working to make research more efficient.
We invest in, nurture and support innovative businesses and technologies that make all parts of the research process more open and effective.
Our portfolio includes admired brands including Altmetric, Dimensions, Figshare, ReadCube, Symplectic, IFI Claims, Writefull, and Overleaf.
We believe that together, we can help researchers make a difference.