GRC Analyst – Salford (Hybrid, 3 Days in Office)
Salary: £45,000 – £50,000 per annum
Contract: Full-time, Permanent
Location: Salford, Greater Manchester (Hybrid – 3 days per week in the office)
Scroll down for a complete overview of what this job will require Are you the right candidate for this opportunity
The Opportunity
An exciting opportunity has arisen for a Governance, Risk and Compliance (GRC) Analyst to join a dynamic and growing organisation based in Salford. This hybrid role offers the chance to play a pivotal part in shaping and maintaining the company’s risk and compliance framework, ensuring alignment with key industry standards and regulations.
The successful candidate will be instrumental in supporting governance processes, conducting risk assessments, and ensuring adherence to information security and data protection requirements across the business.
Key Responsibilities
* Support the development, implementation, and maintenance of the organisation’s GRC framework.
* Conduct and document risk assessments, identifying control gaps and recommending appropriate mitigations.
* Maintain and update internal policies and procedures to ensure compliance with ISO 27001, GDPR, and other regulatory requirements.
* Assist with internal and external audits, including evidence gathering and control testing.
* Prepare and deliver compliance and risk reports for management review.
* Collaborate with internal teams to promote a culture of risk awareness and compliance.
* Contribute to awareness initiatives and training programmes.
Candidate Profile
The ideal candidate will have proven experience in a similar GRC, Risk, or Compliance role, with a strong understanding of information security and governance frameworks. They will be detail-oriented, analytical, and capable of engaging effectively with stakeholders across all levels of the organisation.
Essential Skills and Experience:
* Previous experience in a GRC, Risk, or Compliance Analyst position.
* Good knowledge of frameworks such as ISO 27001, NIST, or COBIT.
* Understanding of data protection and privacy regulations (e.g., GDPR).
* Excellent written, verbal, and interpersonal communication skills.
* Strong analytical and organisational abilities.
* Relevant professional certifications (e.g., ISO 27001 Lead Implementer/Auditor, CISM, CRISC, CISSP) are desirable but not essential.