GRC Analyst (Security Governance & Configuration) in Glasgow

Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals.

About the role: As a GRC Analyst, you’ll play a key role in strengthening governance, risk, and compliance practices across a major energy network programme. This is a hands‑on role where you’ll help shape how secure configuration and change management are defined, documented, and embedded across the organisation. You’ll be working at the intersection of cyber security, governance, and business change—translating complex security standards into clear, practical processes that teams can understand and adopt.

From developing configuration management plans aligned to recognised standards, through to supporting rollout and communication across the business, your work will directly influence how security is applied in real-world operations. You’ll collaborate closely with security, change, and business teams, ensuring that governance processes are not only well-designed, but effectively implemented and understood. This is an opportunity to contribute to a high‑impact programme, bringing structure, clarity, and consistency to critical security practices.

As a GRC Analyst, you will:

• Develop and document a Configuration Management Plan aligned to recognised standards such as NIST.
• Define and document roles and responsibilities across the 2nd Line of Defence, ensuring clarity and accountability.
• Support the rollout of configuration management processes, including communication, stakeholder engagement, and adoption.
• Document secure configuration policy principles, translating technical requirements into clear, accessible guidance.
• Review, refine, and communicate security policies to ensure alignment with organisational and regulatory expectations.
• Gather and interpret configuration compliance reports from monitoring tools to support governance activities.
• Enhance change management processes, including contributing to Change Advisory Board (CAB) inputs.
• Work closely with business change and communications teams to embed new processes effectively.
• Simplify complex security concepts into practical guidance for non‑technical stakeholders.
• Maintain clear, structured documentation that supports ongoing governance and audit requirements.

Experience working with cyber security standards such as ISO 27001 or NIST frameworks (e.g. NIST 800‑53). Understanding of secure configuration principles and cyber security policy development. Experience writing policies, procedures, or governance documentation within a security context. Strong documentation skills, with the ability to produce clear, structured, and usable outputs. Ability to understand and map process flows, including defining roles and responsibilities (e.g. RACI models). Strong communication skills, with the ability to translate technical concepts into business-friendly language. Experience collaborating with cross‑functional teams, including security, change, and communications.

It would be great if you also had:

• Experience developing or implementing a Configuration Management Plan.
• Exposure to governance within large-scale transformation or regulated environments.
• Familiarity with compliance reporting and monitoring tools.
• Experience supporting change management processes or governance forums such as CAB.

At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package:

• Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth.
• Flexible working: Flexible work arrangements to support your work‑life balance.
• A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well‑being, and insurance schemes.

At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don’t tick all the boxes but feel you have some of the relevant skills and experience we’re looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us.