Job title: Information Security GRC Analyst
Location: London Area, United Kingdom
Type: Full time
Our client is seeking an experienced Information Security Risk & Compliance Analyst to support governance, risk management, and compliance initiatives across the organization. This role is critical in ensuring alignment with security frameworks, regulatory standards, and enterprise risk management practices.
Role Overview
The selected candidate will work closely with the Information Security leadership team to manage risk assessments, support compliance frameworks (such as ISO 27001), and strengthen overall security posture. The role involves cross-functional collaboration, continuous process improvement, and active participation in audits and certification efforts.
Key Responsibilities
- Conduct risk assessments in line with security best practices and internal policies
- Support maintenance of the corporate risk register and deliver regular reporting to senior leadership
- Assist in implementing and maintaining ISO 27001 compliance frameworks
- Collaborate with stakeholders to define and track corrective action plans
- Continuously improve risk assessment processes, documentation, and reporting mechanisms
- Perform third-party/vendor risk assessments
- Develop, review, and update information security policies and procedures
- Ensure compliance with external regulatory and internal governance requirements
- Track audit findings and ensure timely remediation and closure
- Support delivery of organization-wide security awareness and training initiatives
- Assist in security certification efforts (e.g., Cyber Essentials Plus)
- Partner with technical teams to support investigations and analysis of security issues
Required Qualifications
- Bachelor’s degree in Information Technology, Computer Science, or related field
- Relevant certifications such as ISO 27001 Lead Implementer or Internal Auditor, along with CGEIT, CRISC, or CGRC
Required Skills & Experience
- 5+ years of experience in Information Security, Risk, or IT
- Proven experience implementing ISO 27001 frameworks and Business Continuity / IT Disaster Recovery (ITDR) initiatives
- Hands-on experience with Governance, Risk, and Compliance (GRC) tools and reporting
- Strong experience conducting risk assessments, including impact and likelihood analysis
- Ability to translate technical security risks into clear business insights
Preferred Skills
- Familiarity with cybersecurity audit practices and frameworks
- Strong written and verbal communication skills to convey complex topics clearly
- Analytical mindset with strong problem-solving capabilities
Key Competencies
- Information Security Governance
- Risk Assessment & Compliance
- ISO 27001 Implementation
- GRC Tools & Reporting
- Audit & Regulatory Compliance
- Stakeholder Communication
- Continuous Improvement
What Our Client Offers
- Competitive benefits package, including flexible leave policies and additional annual leave benefits
- Career development opportunities, including training and tuition reimbursement
- Comprehensive wellbeing and benefits programs (health, dental, life, etc.)
- Employee discounts and assistance programs
- Performance-based rewards, bonuses, and recognition programs
…
