 
        
As our Information Security GRC Analyst, you’ll be the trusted advisor guiding our teams through risk, regulation, and resilience. From embedding security into digital transformation to assessing third‑party risks and ensuring compliance with ISO 27001, NIST CSF, PCI‑DSS, and more — you’ll be the voice of assurance in a fast‑moving world.
You’ll work across projects, suppliers, and stakeholders, translating technical controls into business impact, and helping us stay one step ahead of emerging threats.
Day to day
 * Conduct information security and compliance risk assessments, maintaining and updating our risk register.
 * Manage third‑party risk — from due diligence and onboarding to ongoing oversight — ensuring suppliers meet our high standards.
 * Partner with project teams to embed security, legal, and regulatory requirements into every stage of delivery.
 * Develop and enhance security policies and standards, making them clear, relevant, and actionable.
 * Support awareness and education programmes that bring our security principles to life.
 * Prepare and organise evidence for audits and compliance assessments.
 * Participate in governance and risk forums, sharing insights and ideas that help shape our security strategy.
About you
 * Hands‑on experience with risk assessments, supplier reviews, and control evaluations
 * Working knowledge of frameworks like ISO/IEC 27001:2022, NIST CSF, PCI‑DSS, and UK GDPR
 * Strong communication skills — able to engage both technical and non‑technical audiences
 * A collaborative mindset and a passion for making security a business enabler
Certifications like CISA, CRISC, or ISO 27001 Lead Implementer are a plus — but what matters most is your drive to make a difference.
Seniority level
Associate
Employment type
Full‑time
Job function
Information Technology
Industries
Airlines and Aviation
Location
Crawley, England, United Kingdom