GRC Analyst

Full-Time 40000 - 50000 € / year (est.) No home office possible
hackajob

At a Glance

  • Tasks: Support Governance, Risk and Compliance with Supplier Assurance and manage information security risks.
  • Company: Join a forward-thinking InfoSec team in Milton Keynes.
  • Benefits: Competitive salary, flexible working, and opportunities for professional growth.
  • Other info: Collaborative culture with excellent career advancement opportunities.
  • Why this job: Make a real impact on security initiatives while developing your skills in a dynamic environment.
  • Qualifications: Degree or security qualification preferred; 3+ years IT experience is a plus.

The predicted salary is between 40000 - 50000 € per year.

The role primarily supports Governance, Risk and Compliance with Supplier Assurance, and occasionally the Security Operations team. It supports the management of information security risk by assessing control effectiveness, validating evidence, and clearly articulating risk in a business‑focused manner.

Key Responsibilities / Job Tasks

  • Assist with daily checks of monitoring systems to ensure they remain healthy.
  • Provide support to maintain metrics and reporting to ensure the security threats and trends impacting our business are understood and are raised to the Governance, Risk and Compliance team.
  • Liaise with third-party companies to support various day-to-day aspects of our security systems.
  • Involvement in third party Supplier Assurance and Security Impact Assessments.
  • Aid with the development of processes, maintenance, and improvement of runbooks.
  • Undertake basic risk assessments with supervision and direction.
  • Support some complex risk analysis as part of a team.
  • Assist with security education and awareness.
  • Assist in preparing for and conducting compliance audits.
  • Take part and assist in running Tabletop Exercises.
  • Support the delivery of broader security initiatives and projects.
  • Continual improvement of internal reporting.
  • Input into policies and standards.

Skills & Job Requirements

Strategic Responsibility

This role has no accountability for setting or inputting into a specific strategy.

Business Knowledge

The role holder works very closely with the Assurance team on third‑party/supplier assurance and interacts with the wider InfoSec team on various other projects from time to time. The role holder is to be familiar with third‑party/supplier assurance processes. Knowledge of penetration test assurance or vulnerability reporting is required, along with the ability to understand the high‑level implications of the results. The role holder will not be required to be hands‑on in operational security tooling but will have to be able to engage effectively with technical teams such as SecOps.

Problem Solving

The role holder will demonstrate a strong risk‑based assurance mindset, combining technical security knowledge with the ability to assess control effectiveness, challenge evidence, and clearly articulate information security risk in a business context. The role requires straightforward common sense and initiative, combined with clear judgement and is guided mostly by precedents. The ability to work independently is key.

Decision Making

Make decisions within defined procedures and occasionally outside of established procedures but within a policy framework.

Communication

Able to communicate across various levels with the regular exchange of factual information, with influencing skills as an essential requirement of the role. Excellent written communication skills, with experience producing clear, concise, evidence‑based assurance reports, risk statements, and recommendations. Ability to communicate technical or security concepts in plain language to non‑technical stakeholders, with confidence presenting findings to colleagues and senior management and providing constructive challenge while maintaining credibility and professional objectivity.

Innovation

Suggest improvements on existing procedures within their areas of operation, including developing and adapting new or existing processes for increased quality/efficiency, continuously searching for improvements in techniques that add value to the business and increase security.

Job Specifications

Degree / Professional Qualification

Recognised security qualification (Security+, CySA+, etc.) ideal but not essential.

Knowledge

Understanding of using Third‑Party Risk Management (TPRM) Platforms. Familiarity working with Identity Governance platforms and processes. Ideally 3+ years of proven Information Technology experience with a good understanding of infrastructure and experience of Microsoft Azure and O365. A good awareness of information security best practices.

Skills / Ability

A team player who is hard working and has self‑organisation and time management skills. Excellent attention to detail. Strong analytical and troubleshooting skills. Ability to remain calm under pressure and clearly communicate to all levels of management. Experience preferred with NIST CSF or similar framework. The ability to generate reports from interrogating system data, using Microsoft Copilot and/or PowerShell, is not essential but valuable to have.

GRC Analyst employer: hackajob

As a GRC Analyst at our Milton Keynes location, you will thrive in a dynamic work culture that prioritises employee growth and development. We offer comprehensive training opportunities, a supportive team environment, and the chance to engage in meaningful projects that enhance your skills in governance, risk, and compliance. Join us to be part of a forward-thinking organisation that values innovation and collaboration, ensuring you have the tools and support needed for a rewarding career.

Contact Detail:

hackajob Recruiting Team

StudySmarter Expert Advice🤫

We think this is how you could land the GRC Analyst role

Tip Number 1

Network like a pro! Get out there and connect with folks in the GRC space. Attend industry events, webinars, or even local meetups. You never know who might have the inside scoop on job openings or can put in a good word for you.

Tip Number 2

Don’t underestimate the power of LinkedIn! Make sure your profile is up-to-date and reflects your skills in governance, risk, and compliance. Engage with relevant content, join groups, and reach out to recruiters directly. It’s all about visibility!

Tip Number 3

Prepare for interviews by brushing up on your technical knowledge and soft skills. Be ready to discuss how you’d handle real-world scenarios related to supplier assurance and risk assessments. Practice makes perfect, so consider mock interviews with friends or mentors.

Tip Number 4

Apply through our website! We’ve got a streamlined process that makes it easy for you to showcase your skills. Plus, it shows you’re genuinely interested in joining our team. Don’t miss out on the chance to land that GRC Analyst role!

We think you need these skills to ace the GRC Analyst role

Governance, Risk and Compliance (GRC)
Supplier Assurance
Information Security Risk Assessment
Control Effectiveness Assessment
Risk Analysis
Communication Skills
Report Writing

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the GRC Analyst role. Highlight relevant experience and skills that match the job description, especially around risk assessment and compliance. We want to see how you can contribute to our team!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about governance, risk, and compliance. Share specific examples of your past work that align with the responsibilities listed in the job description.

Showcase Your Communication Skills: Since this role requires excellent written communication, make sure your application is clear and concise. Use plain language to explain complex concepts, just like you would when communicating with non-technical stakeholders.

Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It’s super easy, and you’ll be able to keep track of your application status. Plus, we love seeing applications come directly from our site!

How to prepare for a job interview at hackajob

Know Your Stuff

Make sure you brush up on your knowledge of Governance, Risk, and Compliance, especially around Supplier Assurance. Familiarise yourself with third-party risk management processes and be ready to discuss how you've applied these in past roles.

Communicate Clearly

Practice articulating complex security concepts in simple terms. You’ll need to explain technical details to non-technical stakeholders, so being able to break things down will show your communication skills and understanding of the role.

Show Your Analytical Skills

Prepare to demonstrate your analytical and troubleshooting abilities. Think of examples where you've assessed control effectiveness or conducted risk assessments, and be ready to discuss the outcomes and what you learned from them.

Engage with the Team

Since this role involves liaising with various teams, think about how you can showcase your teamwork skills. Be prepared to share experiences where you collaborated effectively, especially in high-pressure situations or during compliance audits.