At a Glance
- Tasks: Join a team to manage Enterprise IT Security risks and conduct risk assessments.
- Company: Be part of a dynamic organization focused on IT security and compliance.
- Benefits: Enjoy hybrid work flexibility with at least 2 days onsite in Cambridge.
- Why this job: Make an impact by enhancing operational resilience and safeguarding services during incidents.
- Qualifications: Proven experience in security assessments and knowledge of standards like NIST and ISO.
- Other info: Ideal for those with cloud security experience and relevant certifications like CISSP or CISM.
The predicted salary is between £36,000 and £60,000 per year.
As an experienced GRC Risk Analyst, you will be part of a team responsible for identifying, reviewing, and shaping the management of Enterprise IT Security risks. The role involves working with internal and external teams on areas such as risk assessments, security controls, and framework requirements.

Responsibilities include:
- Recognize IT security and compliance requirements and respond to regulatory inquiries and audits.
- Support Enterprise IT business continuity management needs.
- Safeguard services and operations during incidents, and mature the capability to become operationally resilient.
- Develop Standard Operating Procedures for risk assessments, third-party assessments, and process workflows for Security Governance, Risk, Resilience and Compliance.
- Ensure information on accountable technology is accurate (e.g. KB articles, process maps, training documents and presentations, RACI, contract information).
- Identify and raise technology security risks, threats and vulnerabilities.

Essential experience required:
- Proven experience of internal security assessments and reviews, and of documenting information security risks.
- Security standards and audit requirements, including NIST CSF, NIST 800-53, ISO 27001, PCI DSS, and SOC 2 Type 2 reports.
- BCM programme governance framework, ideally ISO 22301 aligned.

Desirable experience:
- Experience of implementing security within cloud services, e.g. AWS, Azure.
- Technical security controls, procedures and systems, e.g. email security, AV, EDR, firewalls.
- Relevant security accreditations, e.g. CISSP, CISM.
- Knowledge of ITIL processes.

Working policy: Hybrid working is in place for this role, with a minimum of 2 days onsite (Cambridge) required each week.
GRC Risk Analyst employer: Connected Consulting Limited
Contact Details:
Connected Consulting Limited Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the GRC Risk Analyst role
✨Tip Number 1
Familiarize yourself with the specific security standards mentioned in the job description, such as NIST CSF and ISO 27001. Being able to discuss these frameworks in detail during your interview will demonstrate your expertise and alignment with the employer's needs.
✨Tip Number 2
Showcase any experience you have with cloud services like AWS or Azure. Highlighting your practical knowledge in implementing security measures in these environments can set you apart from other candidates.
✨Tip Number 3
Prepare to discuss your approach to risk assessments and how you have developed Standard Operating Procedures in previous roles. Employers value candidates who can clearly articulate their process and thought leadership in this area.
✨Tip Number 4
Network with professionals in the GRC field and consider joining relevant online forums or groups. Engaging with the community can provide insights and connections that may help you during the application process.
Some tips for your application 🫡
Understand the Role: Make sure to thoroughly read the job description for the GRC Risk Analyst position. Highlight key responsibilities and required experiences, such as risk assessments and security standards, to tailor your application.
Highlight Relevant Experience: In your CV and cover letter, emphasize your proven experience with internal security assessments, documentation of information security risks, and familiarity with standards like NIST CSF and ISO 27001. Use specific examples to demonstrate your expertise.
Showcase Technical Skills: Mention any technical skills related to security controls, cloud services (AWS, Azure), and relevant security accreditations (CISSP, CISM). This will help you stand out as a candidate who meets the desirable experience criteria.
Tailor Your Application: Customize your cover letter to reflect your understanding of the company's needs and how your background aligns with their goals. Address how you can contribute to their Enterprise IT Security risk management and operational resilience.
How to prepare for a job interview at Connected Consulting Limited
✨Understand the GRC Framework
Make sure you have a solid grasp of Governance, Risk, and Compliance (GRC) frameworks. Familiarize yourself with standards like NIST CSF, ISO 27001, and PCI DSS, as these will likely come up during your interview.
✨Showcase Your Experience
Be prepared to discuss your previous experience with internal security assessments and how you have documented information security risks. Use specific examples to illustrate your expertise and problem-solving skills.
✨Demonstrate Technical Knowledge
Highlight your understanding of technical security controls and procedures, especially in relation to cloud services like AWS and Azure. This knowledge is crucial for the role and will show that you're well-prepared.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions that assess your ability to handle incidents and manage risks. Think through potential situations you might face in the role and how you would respond effectively.