Senior GRC Analyst

Posted 09 March 2022
Salary: £60,000 plus share options
Location: United Kingdom
Job type: Permanent
Discipline: Cyber Defence
Contact name: Josh Keeley

Job description

Our client is a data software vendor going through hyper-growth and already a unicorn. As part of its ongoing commitment to improving the security of both the product range and overall business practices, we are supporting the hire of a Senior GRC Analyst to work directly with the Head of. Experience in SaaS companies is essential, including experience protecting cloud-native environments.


What you will be doing


  • Take a leading role in developing the existing policies and procedures that constitute the ISMS, and in creating new ones, to make security policy more accessible and understandable for colleagues across the business

  • Contribute to the monthly security governance meetings by submitting security metrics and collaborating on preparation of the governance meeting pack

  • Manage communication across the business to ensure policies are well socialised and awareness is maintained

  • Work collaboratively with teams across the business to help them develop a clear understanding of the policies and of the information they need to provide

  • Formally track, review and periodically reassess all exceptions to security policy that arise within the business


  • Support the GRC team's commitments on customer enquiries relating to information security and data privacy

  • Support external audits conducted against key information security certifications and compliance frameworks (SOC 2, ISO 27001, HIPAA)

  • Drive continuous internal compliance against those frameworks through the design and execution of internal compliance audit procedures

  • Provide guidance to, and consultative engagement with, the business on security and privacy compliance

  • Keep abreast of new developments in the information security and data privacy compliance and regulatory landscape

  • Evaluate security incidents for violations of company policy and/or privacy principles and, where violations are found, ensure corrective action is taken to prevent recurrence

  • Support the implementation and ongoing operation of a vendor risk management programme


  • Research novel approaches to ISMS and policy management frameworks

  • Investigate new technologies and emerging industry practices that can help the function scale

  • Optimise the GRC function through automation, using in-house, commercial and open source solutions


What we are looking for

  • Practical experience of developing, publishing and maintaining information security policies, standards and guidelines

  • Experience of establishing information security governance programmes in a startup environment

  • Significant knowledge and experience of legal and regulatory compliance standards such as ISO 27001, PCI DSS, SOX, GDPR, HIPAA, CCPA, etc.

  • Excellent written and oral communication skills

  • Strong understanding of fundamental information security concepts and technologies


  • Experience in a cloud-first business environment

  • CISSP, CISM, CISA, or other relevant security-related designation

  • Bachelor's degree or equivalent work experience

  • Clear, demonstrable commitment to the information security community

  • Experience in Agile delivery environments

  • Experience of risk management in both a compliance and a security context