GRC Analyst

Full-Time | 40000 - 50000 £ / year (est.) | No working from home possible

At a Glance

  • Tasks: Support Governance, Risk and Compliance with Supplier Assurance and security operations.
  • Company: Join a forward-thinking InfoSec team in Milton Keynes.
  • Benefits: Competitive salary, professional development, and a dynamic work environment.
  • Other info: Great opportunity for career growth and learning in a supportive environment.
  • Why this job: Make a real impact on information security and risk management.
  • Qualifications: Understanding of security principles and teamwork skills; experience preferred.

The predicted salary is between 40000 - 50000 £ per year.

To support Governance, Risk and Compliance with Supplier Assurance and occasionally the Security Operations team. The role supports the management of information security risk by assessing control effectiveness, validating evidence, and articulating risk in a business‑focused manner.

Key Responsibilities

  • Assist with daily checks of monitoring systems to ensure they remain healthy.
  • Provide support to maintain metrics and reporting to ensure the security threats and trends impacting our business are understood and are raised to the Governance, Risk and Compliance team.
  • Liaise with 3rd party companies to support various day‑to‑day aspects of our security systems.
  • Be involved in third‑party Supplier Assurance and Security Impact Assessments.
  • Aid with the development of processes, maintenance, and improvement of runbooks.
  • Undertake basic risk assessments with supervision and direction; support some complex risk analysis as part of a team.
  • Assist with security education and awareness.
  • Assist in preparing for and conducting compliance audits.
  • Take part and assist in running Tabletop Exercises.
  • Support the delivery of broader security initiatives and projects.
  • Continual improvement of internal reporting.
  • Input into policies and standards.

Strategic Responsibility

This role has no accountability for setting or inputting into a specific strategy.

Business Knowledge

Work closely with the Assurance team on third‑party/supplier assurance and interact with the wider InfoSec team on various other projects; be familiar with third‑party/supplier assurance processes. Have required knowledge of penetration test assurance or vulnerability reporting and understand high‑level implications of the results. The role holder is not required to be hands‑on in operational security tooling but must engage effectively with technical teams such as SecOps.

Problem Solving

Demonstrate a strong risk‑based assurance mindset, combining technical security knowledge with the ability to assess control effectiveness, challenge evidence, and articulate information security risk in a business context. Require straightforward common sense and initiative, combined with clear judgement and guidance from precedents; independence in work is key.

Decision Making

Make decisions within defined procedures and occasionally outside of established procedures but within a policy framework.

Communication

Communicate across various levels, where exchanging factual information and influencing skills are essential; produce clear, concise, evidence‑based assurance reports, risk statements, and recommendations. Communicate technical or security concepts in plain language to non‑technical stakeholders; present findings confidently to colleagues and senior management while providing constructive challenge and maintaining credibility and professional objectivity.

Innovation

Suggest improvements on existing procedures within areas of operation, including developing and adapting new or existing processes for increased quality/efficiency; continuously search for improvements in techniques that add value to the business and increase security.

Job Specifications

  • Degree/Professional Qualification: Recognised security qualification (Security+, CySA+ etc) ideal but not essential.
  • Knowledge: Understanding of using Third‑Party Risk Management (TPRM) Platforms. Familiarity working with Identity Governance platforms and processes. Ideally 3+ years of proven Information Technology experience with a good understanding of infrastructure and experience of Microsoft Azure and O365. A good awareness of information security best practices.
  • Skills/Ability: A team player who is hardworking and has self‑organisation and time‑management skills. Excellent attention to detail. Strong analytical and troubleshooting skills. Ability to remain calm under pressure and clearly communicate to all levels of management. Experience preferred with NIST CSF or similar framework. Ability to generate reports from interrogating system data, using Microsoft Copilot and/or PowerShell; not essential but valuable.

GRC Analyst employer: hackajob

As a GRC Analyst at our Milton Keynes location, you will thrive in a dynamic work culture that prioritises employee growth and development. We offer comprehensive training opportunities, a supportive team environment, and the chance to engage in meaningful projects that enhance your skills in governance, risk, and compliance. Join us to be part of a forward-thinking organisation that values innovation and collaboration, ensuring you have the tools and resources to succeed in your career.

Contact Details:

hackajob Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land GRC Analyst

Tip Number 1

Network like a pro! Reach out to folks in the InfoSec field, especially those who work with GRC. Attend meetups or webinars, and don’t be shy about asking for informational interviews. You never know who might have the inside scoop on job openings!

Tip Number 2

Show off your skills! Create a portfolio that highlights your experience with risk assessments, compliance audits, and any projects you've worked on. This can really set you apart when you're chatting with potential employers.

Tip Number 3

Prepare for interviews by brushing up on common GRC scenarios. Think about how you’d handle supplier assurance or security impact assessments. Practising your responses will help you articulate your thoughts clearly and confidently.

Tip Number 4

Don’t forget to apply through our website! We’ve got loads of opportunities, and applying directly can sometimes give you an edge. Plus, it’s super easy to keep track of your applications that way!

We think you need these skills to ace GRC Analyst

Governance, Risk and Compliance (GRC)
Supplier Assurance
Information Security Risk Assessment
Control Effectiveness Assessment
Metrics and Reporting
Third-Party Risk Management (TPRM)
Security Impact Assessments

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the GRC Analyst role. Highlight relevant experience and skills that match the job description, especially around risk management and compliance. We want to see how you can bring value to our team!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about the role and how your background fits with our mission at StudySmarter. Keep it concise but impactful – we love a good story!

Showcase Your Communication Skills: Since communication is key in this role, make sure your application reflects your ability to convey complex ideas simply. Whether it's in your CV or cover letter, clarity and professionalism will impress us!

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it’s super easy – just a few clicks and you’re done!

How to prepare for a job interview at hackajob

Know Your Stuff

Make sure you brush up on your knowledge of Governance, Risk and Compliance, especially in relation to Supplier Assurance. Familiarise yourself with the key responsibilities listed in the job description, so you can confidently discuss how your experience aligns with what they’re looking for.

Speak Their Language

When discussing technical concepts, remember to keep it simple. Practice explaining complex security ideas in plain language, as you'll need to communicate effectively with non-technical stakeholders. This will show that you can bridge the gap between technical and business perspectives.

Show Your Problem-Solving Skills

Prepare examples of how you've tackled risk assessments or security challenges in the past. Be ready to demonstrate your analytical skills and how you approach problem-solving, as this role requires a strong risk-based assurance mindset.

Ask Smart Questions

At the end of the interview, don’t forget to ask insightful questions about their current security initiatives or how they handle third-party risk management. This shows your genuine interest in the role and helps you gauge if the company is the right fit for you.