GRC Analyst


Job Description

We are seeking a detail-oriented and proactive GRC Analyst. This role is pivotal in safeguarding the organisation’s reputation and ensuring regulatory compliance. You will work closely with process owners, auditors, and stakeholders to analyse, monitor, and address risk management and compliance issues, with a strong alignment to the Group Head of Audit.


Key Responsibilities

  • Administer and maintain ISO 27001 and ISO 22301 compliance programs.
  • Oversee and configure the GRC tool, ensuring it remains current and effective.
  • Manage relationships with GRC solution providers.
  • Conduct risk and vulnerability assessments, compliance reviews, and audits.
  • Support and manage ISO 27001, ISO 22301, and PCI audits.
  • Maintain a central repository for audit evidence.
  • Develop and enhance the GRC framework in line with industry best practices.
  • Collaborate with cross-functional teams to identify and mitigate IT and business risks.
  • Own and manage the IT Risk Register and RoPA.
  • Align risk assessments with the Group Risk function.
  • Promote health and safety awareness and compliance across the organisation.


Qualifications & Experience

  • Experience in GRC, risk management, or compliance within IT or related fields.
  • Familiarity with ISO 27001, ISO 22301, and PCI standards.
  • CRISC certification is desirable but not essential.
  • ISO 27001 or 22301 certification is a plus.
  • Strong analytical, communication, and stakeholder engagement skills.


Why Apply?

  • Be part of a mission-critical team enhancing IT security and operational resilience.
  • Work closely with senior leadership and contribute to strategic risk initiatives.
  • Opportunity to shape and improve compliance frameworks and processes.

Location: London
Category: Business
