At a Glance
- Tasks: Support Governance, Risk and Compliance with Supplier Assurance and security operations.
- Company: Join a forward-thinking InfoSec team in Milton Keynes.
- Benefits: Competitive salary, flexible working, and opportunities for professional growth.
- Other info: Dynamic role with opportunities to innovate and improve security processes.
- Why this job: Make a real impact on information security and risk management.
- Qualifications: Understanding of security principles and experience in IT preferred.
The predicted salary is between £40,000 and £50,000 per year.
To support Governance, Risk and Compliance with Supplier Assurance and occasionally the Security Operations team. The role supports the management of information security risk by assessing control effectiveness, validating evidence, and articulating risk in a business‑focused manner.
Key Responsibilities
- Assist with daily checks of monitoring systems to ensure they remain healthy.
- Provide support to maintain metrics and reporting to ensure the security threats and trends impacting our business are understood and are raised to the Governance, Risk and Compliance team.
- Liaise with 3rd party companies to support various day‑to‑day aspects of our security systems.
- Be involved in third‑party Supplier Assurance and Security Impact Assessments.
- Aid with the development of processes, maintenance, and improvement of runbooks.
- Undertake basic risk assessments with supervision and direction; support some complex risk analysis as part of a team.
- Assist with security education and awareness.
- Assist in preparing for and conducting compliance audits.
- Take part and assist in running Tabletop Exercises.
- Support the delivery of broader security initiatives and projects.
- Continual improvement of internal reporting.
- Input into policies and standards.
Strategic Responsibility
This role has no accountability for setting or inputting into a specific strategy.
Business Knowledge
Work closely with the Assurance team on third‑party/supplier assurance and interact with the wider InfoSec team on various other projects; be familiar with third‑party/supplier assurance processes. Have required knowledge of penetration test assurance or vulnerability reporting and understand high‑level implications of the results. The role holder is not required to be hands‑on in operational security tooling but must engage effectively with technical teams such as SecOps.
Problem Solving
Demonstrate a strong risk‑based assurance mindset, combining technical security knowledge with the ability to assess control effectiveness, challenge evidence, and articulate information security risk in a business context. Require straightforward common sense and initiative, combined with clear judgement and guidance from precedents; independence in work is key.
Decision Making
Make decisions within defined procedures and occasionally outside of established procedures but within a policy framework.
Communication
Communicate across various levels, where exchanging factual information and influencing skills are essential; produce clear, concise, evidence‑based assurance reports, risk statements, and recommendations. Communicate technical or security concepts in plain language to non‑technical stakeholders; present findings confidently to colleagues and senior management while providing constructive challenge and maintaining credibility and professional objectivity.
Innovation
Suggest improvements on existing procedures within areas of operation, including developing and adapting new or existing processes for increased quality/efficiency; continuously search for improvements in techniques that add value to the business and increase security.
Job Specifications
- Degree/Professional Qualification: Recognised security qualification (Security+, CySA+ etc) ideal but not essential.
- Knowledge: Understanding of using Third‑Party Risk Management (TPRM) Platforms. Familiarity working with Identity Governance platforms and processes. Ideally 3+ years of proven Information Technology experience with a good understanding of infrastructure and experience of Microsoft Azure and O365. A good awareness of information security best practices.
- Skills/Ability: A team player who is hardworking and has self‑organisation and time‑management skills. Excellent attention to detail. Strong analytical and troubleshooting skills. Ability to remain calm under pressure and clearly communicate to all levels of management. Experience preferred with NIST CSF or similar framework. Ability to generate reports from interrogating system data, using Microsoft CoPilot and/or PowerShell; not essential but valuable.
GRC Analyst in Milton Keynes employer: hackajob
As a GRC Analyst at our Milton Keynes office, you will join a dynamic team dedicated to fostering a culture of security and compliance. We offer a supportive work environment that prioritises employee growth through continuous learning opportunities and professional development. Our commitment to innovation and collaboration ensures that you will play a vital role in enhancing our security posture while enjoying the unique advantages of working in a vibrant city known for its rich history and modern amenities.
StudySmarter Expert Advice🤫
We think this is how you could land the GRC Analyst role in Milton Keynes
✨Tip Number 1
Networking is key! Reach out to professionals in the GRC field on LinkedIn or at industry events. A friendly chat can lead to opportunities that aren’t even advertised yet.
✨Tip Number 2
Prepare for interviews by brushing up on your knowledge of risk management and compliance frameworks. Be ready to discuss how you can contribute to the team’s goals, especially around supplier assurance.
✨Tip Number 3
Showcase your analytical skills during interviews. Bring examples of how you've tackled security challenges in the past, and be prepared to explain your thought process clearly.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the GRC Analyst role. Highlight relevant experience and skills that match the job description, especially around risk management and compliance. We want to see how you can contribute to our team!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about the role and how your background aligns with our needs. Keep it concise but impactful – we love a good story!
Showcase Your Communication Skills: Since communication is key in this role, make sure your application reflects your ability to convey complex information clearly. Use straightforward language and structure your documents well – it’ll show us you can communicate effectively with all levels of management.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it’s super easy – just follow the prompts!
How to prepare for a job interview at hackajob
✨Know Your Stuff
Make sure you brush up on your knowledge of Governance, Risk, and Compliance. Familiarise yourself with third-party risk management processes and be ready to discuss how you've applied these in past roles. This will show that you're not just a candidate, but someone who understands the field.
✨Speak Their Language
During the interview, aim to communicate technical concepts in a way that's easy for non-technical stakeholders to understand. Practice explaining complex ideas simply, as this is crucial for the role. It’ll demonstrate your ability to bridge the gap between technical teams and business needs.
✨Show Your Analytical Skills
Be prepared to discuss specific examples where you've assessed control effectiveness or conducted risk assessments. Highlight your analytical and troubleshooting skills by sharing stories that showcase your problem-solving abilities, especially under pressure.
✨Ask Smart Questions
Prepare thoughtful questions about the company's security initiatives and how they handle supplier assurance. This shows your genuine interest in the role and helps you gauge if the company aligns with your career goals. Plus, it gives you a chance to engage with the interviewers on a deeper level.