GRC Analyst – Cybersecurity Consultancy
📍 Location: Somerset (Hybrid – occasional travel to client sites or HQ)
💰 Salary: £45,000 – £50,000 + Benefits
🔒 Clearance: Must hold or be eligible for DV clearance
Overview
We’re representing a highly accredited UK cybersecurity consultancy that is seeking a GRC Analyst to join its growing governance, risk, and compliance team.
This role offers the opportunity to work across a diverse portfolio of clients, helping to strengthen their security posture, ensure compliance with regulatory and contractual obligations, and contribute to the ongoing development of robust risk and assurance frameworks.
Ideal for someone with experience in GRC, assurance, or information security, this position provides exposure to high-impact projects within a collaborative, forward-thinking environment.
Key Responsibilities
* Governance & Compliance: Support and maintain compliance frameworks, including ISO 27001, CAF, and other relevant standards.
* Risk Management: Identify, assess, and monitor security risks, ensuring effective mitigation and continuous improvement within the ISMS.
* Audit & Assurance: Plan, conduct, and coordinate internal and external audits, tracking findings and follow-up actions to closure.
* Policy & Control Development: Assist in developing, reviewing, and improving security policies, procedures, and control documentation.
* Supplier & Third-Party Risk: Support assurance activities with suppliers, partners, and service providers to maintain a consistent security baseline.
* Information Governance: Contribute to compliance with data protection regulations such as GDPR and the Data Protection Act 2018.
* Awareness & Training: Promote security best practice through awareness initiatives and collaboration with internal and external stakeholders.
* Stakeholder Engagement: Build strong relationships across technical and business functions to support security governance objectives.
Skills & Experience
Essential:
* Experience within GRC, assurance, risk management, or information security.
* Understanding of risk assessment methodologies and compliance frameworks (e.g. ISO 27001, CAF, NIST).
* Strong communication and reporting skills, with the ability to produce clear, concise documentation.
* Excellent organisation and prioritisation skills with attention to detail.
* Confident engaging with stakeholders at all levels of the business.
Desirable:
* Experience with audit management tools or compliance automation platforms.
* Knowledge of GDPR, Data Protection Act 2018, or similar legislation.
* Degree in Cybersecurity, Information Security, or a related field.
* Professional certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Implementer/Auditor.
Benefits
* Competitive salary and comprehensive benefits package.
* Flexible hybrid working arrangements.
* Access to professional development and certification support.
* Inclusive and supportive culture focused on collaboration and innovation.
* Clear opportunities for career growth and progression within a fast-scaling consultancy.
Core Values
This organisation is driven by collaboration, accountability, and innovation. It fosters a culture of continuous improvement and empowers its people to make meaningful contributions to both client success and the company’s mission of delivering security excellence.