At a Glance
- Tasks: Support GRC policy development, conduct compliance reviews, and manage risk assessments.
- Company: Join JD Sports, a global leader in sports fashion and retail.
- Benefits: Enjoy flexible working options, competitive salary, and opportunities for professional growth.
- Why this job: Be part of a dynamic team driving security culture in a fast-paced environment.
- Qualifications: Bachelor's degree in Cybersecurity or a related field; 5+ years' experience preferred.
- Other info: Ideal for those passionate about IT security and compliance in a collaborative setting.
The predicted salary is between £36,000 and £60,000 per year.
Job Description for GRC Analyst
Business Area: Information Security
Job Title: GRC Analyst
Scope and Coverage: Global
Outline Purpose of Role:
- Support the development and maintenance of the GRC policy, risk and controls frameworks and the associated processes and artefacts.
- Conduct internal and external compliance and controls reviews, testing and audits.
- Support effective stakeholder engagement and maintain the GRC information repository (policies and standards, the risk register, etc.).
- Help drive a robust security posture for a large, complex organisation, trading globally within a constantly evolving IT and information security threat environment.
Impact of Role:
- Supports the organisation’s IT and cyber governance, risk and compliance processes.
- Helps drive good risk culture and behaviours into the business culture of JD Sports.
Reports to: This role resides in the Information Security Function and reports to a GRC Lead.
Direct Reports: Individual contributor with possible periodic oversight of seconded resources, contingent workers and systems integrators.
Key Elements of the Role:
The job holder will assist and support a range of activities across the Governance, Risk and Compliance function, including the following:
Governance and Policy:
- Develop a clear understanding of the organisation and its various entities (business units, subsidiaries, partners and interdependent entities) in order to assess existing and applicable policy requirements.
- Contribute to and manage the development, maintenance and review of IT and cyber policies, standards and guidelines.
- Identify, analyse and report on key policy metrics such as policy exceptions and breaches, and identify the risks arising from policy exceptions.
- Maintain and develop the IT and cyber GRC internal governance processes, such as monitoring changes in compliance requirements and technology, engagement activities, information repositories, etc.
Risk Management:
- Maintain and manage the IT and cyber risk register, including conducting risk assessments and agreeing risk-mitigating actions with stakeholders.
- Analyse and categorise IT and cyber risks, aligning risk assessment activities with business priorities and objectives.
- Track and prepare regular risk reports for senior leadership highlighting key risk indicators (KRIs), status and mitigations.
- Assess and monitor third-party risks in accordance with the IT and cyber risk framework.
- Analyse incidents and events to identify omissions and opportunities for improvement, in line with the organisation's risk exposure and appetite.
Compliance:
- Assist in maintaining and improving the IT and cyber controls framework as compliance and technology requirements change.
- Perform IT and cyber controls testing in line with the GRC assurance plan.
- Conduct reviews and assessments of third parties in line with JD compliance requirements.
- Support internal and external audits related to IT and cyber risk and ensure timely remediation of identified risks or control gaps.
Cross-functional Collaboration:
- Communicate with internal stakeholders (technical and non-technical) and suppliers to discuss GRC requirements and queries.
- Collaborate with third-party vendors and partners to enforce consistent GRC requirements within the supply chain and vendor ecosystem.
- Work closely with HR, procurement, legal, and other departments to ensure that GRC requirements are integrated into key business processes.
- Provide guidance and training to teams across the organisation on IT and cyber GRC best practices.
- Establish strong working relationships with internal and external stakeholders to champion GRC processes and activities.
Key Attributes of The Jobholder:
Experience and Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Compliance or a related field.
- 5+ years of experience in IT and cyber governance frameworks, policy development, cyber assurance, compliance or a related discipline.
- Certifications such as CISSP, CISM, CRISC, or equivalent are strongly preferred.
- In-depth understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and risk management methodologies.
- Experience of third-party risk management.
- Knowledge of regulatory requirements and compliance frameworks (e.g., GDPR, ITGC, PCI-DSS, etc.) related to IT, cybersecurity and risk management.
- Awareness of various operating systems including but not limited to Windows, Linux, Unix.
- Experience with cloud environments (AWS, Azure, GCP) and understanding of cloud security risks.
- Awareness of Agile environments and practices.
Key Skills:
- Ability to bring clarity to fast-paced, evolving scenarios and to resolve the inevitable ambiguity that arises within a large, complex and interdependent organisation.
- Strong analytical and problem-solving skills, with the ability to make informed risk-based decisions.
- Excellent communication skills, both written and verbal, to effectively present risks to senior leadership and non-technical audiences.
- A proven ability to work collaboratively and constructively with other managers to ensure clarity of purpose, effective communication, and a mutual understanding of IT and cyber frameworks and how to apply them.
- Strong organisational skills with experience of working collaboratively within multi-disciplined teams.
- Competent, engaging communication skills and an ability to articulate goals, achievements, risks, expectations, and needs to individuals and teams at all organisational levels.
- An ability to collaborate effectively in a diversely located team to focus on common goals and timelines.
Values and Behaviours:
The job holder will be a strategic thinker who is respectful, collaborative and able to work easily within a diverse and dispersed team of professionals, and will exhibit:
- Goal-oriented focus,
- Strong schedule keeping,
- Openness,
- Integrity,
- Empathy,
- Accountability,
- Enthusiasm,
- Flexibility,
- Creativity.
GRC Analyst employer: JD GROUP
Contact Detail:
JD GROUP Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land GRC Analyst
✨Tip Number 1
Familiarise yourself with the specific GRC frameworks and compliance standards mentioned in the job description, such as NIST and ISO 27001. This knowledge will not only help you understand the role better but also demonstrate your commitment to the field during interviews.
✨Tip Number 2
Network with professionals in the cybersecurity and GRC fields through platforms like LinkedIn. Engaging with industry groups or attending relevant webinars can provide insights into current trends and challenges, making you a more informed candidate.
✨Tip Number 3
Prepare to discuss real-world scenarios where you've successfully managed risks or compliance issues. Having concrete examples ready will showcase your experience and problem-solving skills, which are crucial for this role.
✨Tip Number 4
Research JD Sports' current GRC initiatives and any recent news related to their cybersecurity efforts. This will allow you to tailor your discussions and show genuine interest in how you can contribute to their goals.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in governance, risk, and compliance. Use keywords from the job description to demonstrate that you understand the role and its requirements.
Craft a Compelling Cover Letter: In your cover letter, explain why you're passionate about GRC and how your background aligns with the company's goals. Mention specific experiences that showcase your skills in risk management and compliance.
Showcase Relevant Certifications: If you have certifications like CISSP, CISM, or CRISC, be sure to mention them prominently in your application. These qualifications are highly valued for this role and can set you apart from other candidates.
Highlight Soft Skills: The role requires strong communication and collaboration skills. Provide examples in your application that demonstrate your ability to work effectively with diverse teams and communicate complex information clearly.
How to prepare for a job interview at JD GROUP
✨Understand the GRC Landscape
Before your interview, make sure you have a solid grasp of Governance, Risk, and Compliance (GRC) frameworks. Familiarise yourself with key concepts like NIST and ISO 27001, as well as relevant regulations such as GDPR and PCI-DSS. This knowledge will help you demonstrate your expertise and show that you're serious about the role.
✨Showcase Your Analytical Skills
As a GRC Analyst, strong analytical skills are crucial. Be prepared to discuss specific examples from your past experience where you've successfully identified risks or improved compliance processes. Use the STAR method (Situation, Task, Action, Result) to structure your responses and highlight your problem-solving abilities.
✨Communicate Effectively
Excellent communication skills are essential for this role, especially when presenting risks to senior leadership. Practice articulating complex ideas in simple terms, and be ready to explain how you would engage with both technical and non-technical stakeholders. This will showcase your ability to bridge gaps between different teams.
✨Demonstrate Collaboration Skills
Collaboration is key in a GRC role, so be prepared to discuss how you've worked with cross-functional teams in the past. Highlight any experiences where you've partnered with departments like HR, legal, or procurement to integrate GRC requirements into business processes. This will show that you can work effectively within a diverse team.