About our opportunity We are seeking an experienced Senior Information Security Analyst – GRC to ensure information security policies comply with business goals, regulations and best practices. This role manages governance, risk, compliance, helping to identify and address security risks, maintain compliance, and continuously improve security. What you will be doing Ensure information security policies comply with business goals, regulations and best practices. Manage governance, risk, compliance, helping to identify and address security risks, maintain compliance and continuously improve security. Proven experience implementing and managing GRC frameworks and processes ideally in a corporate environment. Carrying out risk assessment, security audits and regulatory compliance. A good understanding of information security frameworks (ISO 27001, NIST, COBIT, etc.) to support the assessment/audit/compliance. Report on security risks, incidents, and improvements to senior stakeholders. Deliver security awareness training and work closely with IT, Legal, and Compliance teams. Design, implement, and manage organization-wide security awareness programs to educate employees about security policies, procedures, and risk mitigation practices. Develop training materials tailored to different roles and departments, including executive briefings, phishing simulations, and compliance training modules. Ensure all employees complete mandatory security and compliance training on schedule. About You Proven experience in an Information Security Risk Management or IT compliance role. Strong knowledge of regulatory requirements (GDPR, HIPAA, SOX, PCI DSS, etc.) Cybersecurity frameworks, risk management and compliance. Excellent analytical and problem-solving skills. Strong stakeholder engagement and communication skills. Experience with GRC tools. Ability to translate technical security risks into business-relevant insights. Attention to detail, integrity and ethical conduct. Relevant certifications (CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor) and degree or equivalent experience desirable.