At a Glance
- Tasks: Test and assess IT controls and cybersecurity measures to ensure compliance and effectiveness.
- Company: Join JD Sports, a leading global retailer in sports fashion and outdoor gear.
- Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
- Other info: Collaborate with diverse teams and enhance your skills in a supportive workplace.
- Why this job: Be part of a dynamic team driving innovation and operational excellence in a fast-paced environment.
- Qualifications: 2-5 years in controls testing or IT audit with strong knowledge of cybersecurity frameworks.
The predicted salary is between £40,000 and £50,000 per year.
Established in 1981 with a single store in the Northwest of England, the JD Group is a leading omni-channel retailer of Sports Fashion, Outdoors and Gyms. JD Sports Fashion Plc was listed on the London Stock Exchange in 1996 and has been an FTSE100 publicly quoted company since 2019. We want to be the leading global omnichannel retailer in the sports and outdoor industry.
The GRC Analyst will sit within the second line of defence and is responsible for testing and assessing the design and operating effectiveness of IT General Controls (ITGCs) and cybersecurity controls across JD Sports. The role is focused on executing control testing, evaluating evidence, identifying control gaps and supporting audit readiness. The GRC Analyst will work closely with Technology, Internal Controls and Audit teams to ensure that the JD Sports control environment meets regulatory audit and internal risk management and control requirements.
Responsibilities
- Plan, execute and document risk-based testing of IT General Controls and cybersecurity controls across key domains including identity and access management, change management, computer operations and third-party risk.
- Assess controls for design adequacy and operating effectiveness in line with recognised frameworks such as COBIT, SOX ITGC, ISO 27001 and NIST.
- Collect, review and evaluate control evidence, applying professional scepticism and audit rigour.
- Identify control deficiencies and gaps, articulating root causes, risk impact and recommended remediation actions.
- Maintain accurate and complete working papers and test documentation.
- Support the development and maintenance of the Technology Controls Framework and ITGC and cybersecurity control library.
- Monitor and track control remediation activity, escalating overdue or high-risk items to senior stakeholders.
- Operate and provide input into Control Self-Assessment (CSA) processes.
- Support the GRC Controls Lead with internal and external auditors during IT audit cycles.
- Support preparation for inspections and audits, ensuring documentation and evidence packs are accurate, complete and audit-ready.
- Build effective working relationships and support cross-functional collaboration with other teams.
- Support the development of clear and concise testing reports and exception summaries.
- Maintain GRC tooling, dashboards and metrics relating to ITGC and cybersecurity control coverage.
- Present findings and recommendations with clarity and confidence.
- Identify opportunities to improve the efficiency and effectiveness of the ITGC testing programme.
- Stay current with changes to relevant regulatory requirements, audit standards and industry best practice.
Qualifications
- 2-5 years of demonstrable experience in controls testing, IT audit, or a GRC function.
- Strong understanding of IT General Controls domains.
- High-level and working knowledge of cybersecurity control domains.
- Ability to assess both control design and operating effectiveness.
- Experience collecting, evaluating and challenging control evidence.
- Strong written and verbal communication skills.
- Organised and methodical approach to workload management.
Required Skills
- Relevant professional certifications such as CISA, CRISC, CISSP or equivalent.
- Familiarity with audit frameworks and standards.
- Experience in a retail, e-commerce or large global enterprise environment.
- Familiarity with GRC tooling platforms.
Preferred Skills
- Independence and objectivity.
- Analytical thinking.
- Stakeholder engagement.
- Attention to detail.
- Continuous improvement.
GRC Analyst – Controls Testing & Assurance employer: JD Sports Fashion
Contact Detail:
JD Sports Fashion Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the GRC Analyst – Controls Testing & Assurance role
✨Tip Number 1
Network like a pro! Reach out to people in the industry, attend events, and connect with current JD Sports employees on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for interviews by researching JD Sports and understanding their values and goals. Tailor your answers to show how your skills align with their mission of being a customer-focused organisation. We want to see your passion for the role!
✨Tip Number 3
Practice makes perfect! Conduct mock interviews with friends or use online resources to refine your responses. Focus on articulating your experience with IT General Controls and cybersecurity frameworks clearly and confidently.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, it shows you’re genuinely interested in joining the JD Sports team and contributing to our growth.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the GRC Analyst role. Highlight your experience with IT General Controls and cybersecurity frameworks, as well as any relevant certifications. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about the role and how you can contribute to our goals at JD Sports. Keep it concise but impactful – we love a good story!
Showcase Your Communication Skills: Since this role involves working with various teams and stakeholders, make sure to demonstrate your strong written communication skills. Whether it's in your CV or cover letter, clarity and professionalism are key!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands. Plus, it shows us that you're keen on joining our team at JD Sports!
How to prepare for a job interview at JD Sports Fashion
✨Know Your Frameworks
Make sure you brush up on key frameworks like COBIT, SOX ITGC, ISO 27001, and NIST. Being able to discuss how these frameworks apply to the role will show that you understand the technical requirements and can hit the ground running.
✨Prepare for Control Testing Scenarios
Think of specific examples from your past experience where you've executed control testing or identified control gaps. Be ready to articulate the steps you took, the challenges you faced, and how you overcame them. This will demonstrate your practical knowledge and problem-solving skills.
✨Showcase Your Communication Skills
As a GRC Analyst, you'll need to communicate findings clearly to both technical and non-technical audiences. Prepare to discuss how you've presented complex information in the past, and consider bringing along a sample report if it's appropriate. This will highlight your ability to convey important information effectively.
✨Engage with Stakeholders
Think about how you've built relationships with stakeholders in previous roles. Be prepared to discuss your approach to stakeholder engagement and how you’ve collaborated with teams like Technology, Internal Audit, and others. This will show that you can work well in a cross-functional environment.