Information Security GRC Analyst

The Cyber Security & GRC Analyst plays a key role in strengthening the organisation's security, privacy, and risk posture, ensuring that systems, applications, and data are protected while enabling large-scale digital and IT transformation.

It's an excellent opportunity for motivated professionals with experience or interest in information security, IT risk, governance, compliance, or data protection who want to deepen their expertise and progress their career in a mature, well-resourced environment.

• Embedding security, risk, and privacy into new IT and business initiatives, including major transformation projects
• Supporting and maturing Governance, Risk & Compliance (GRC) frameworks, policies, and standards
• Conducting IT, cyber, and third-party risk assessments, with ownership of remediation tracking
• Assessing suppliers and partners from a security and data protection perspective, including audits
• Supporting GDPR and regulatory compliance activities, including DPIAs, breach reporting, and regulatory engagement
• Maintaining and contributing to the IT risk register and risk governance processes
• Supporting internal and external audits and assurance reviews (ISO, NIST, PCI, GDPR)
• Promoting security awareness and risk culture through training, phishing simulations, and stakeholder engagement
• Producing clear risk, compliance, and management reporting for senior stakeholders
• Supporting incident response activities related to cyber security and data protection

• Strong understanding of information security and data protection regulations, standards, and best-practice frameworks
• Practical experience with IT controls, risk assessments, and/or data protection obligations
• Experience designing, implementing, or assessing security and privacy controls aligned to recognised frameworks and regulations (e.g. GDPR, ISO 27001, NIS, emerging regulatory requirements)
• Experience working with internal stakeholders across IT, security, and the wider business
• Ability to engage confidently with regulators or external oversight bodies when required
• High ethical standards, with the ability to remain impartial and report non-compliance
• Demonstrated ability to handle sensitive and confidential information
• Strong analytical, diagnostic, and problem-solving skills
• Ability to manage workload independently, prioritise effectively, and deliver outcomes on time
• Proven ability to work collaboratively within a team, supporting colleagues as needed
• Clear and effective communication and presentation skills, including written, verbal, and training delivery