Information Security GRC Analyst

Full-Time, £40,000 - £42,500 / year (est.), no working from home possible
Office Collective

At a Glance

  • Tasks: Support information security governance, risk management, and compliance initiatives across diverse businesses.
  • Company: Purpose-driven organisation focused on technology, education, and innovation.
  • Benefits: Competitive salary, generous leave, bonus potential, and excellent learning opportunities.
  • Other info: Join a growing team committed to professional development and social purpose.
  • Why this job: Make a real impact in information security while developing your career in a collaborative culture.
  • Qualifications: Degree in IT or Cyber Security and experience in GRC environments.

The predicted salary is between 40000 - 42500 £ per year.

Are you passionate about information security, governance, risk, and compliance? Do you enjoy helping organisations strengthen their security posture while ensuring regulatory and industry compliance? An exciting opportunity has arisen for an Information Security GRC Analyst to join a growing and purpose-driven organisation where technology, education, and innovation come together to make a meaningful impact. This role offers the chance to work across a diverse group of businesses, supporting information security governance, risk management, compliance initiatives, and certification programmes. Working closely with the Information Security Manager, you will play a key role in shaping and enhancing the organisation's security framework while helping to drive a culture of security awareness and best practice.

Key responsibilities include:

  • Conducting information security risk assessments and ensuring alignment with security policies and industry best practice
  • Supporting the maintenance and development of the corporate information security risk register
  • Producing security reports, dashboards, and risk summaries for senior stakeholders
  • Supporting the implementation and ongoing management of ISO 27001 across the wider organisation
  • Working with stakeholders to identify, manage, and mitigate security risks
  • Conducting third-party supplier and vendor risk assessments
  • Developing, reviewing, and maintaining information security policies and procedures
  • Monitoring compliance with regulatory, contractual, and industry requirements
  • Supporting internal and external security audits and ensuring remediation actions are completed effectively
  • Delivering and maintaining security awareness training programmes for employees
  • Assisting with certification initiatives including ISO 27001 and Cyber Essentials Plus
  • Supporting investigations, technical reviews, and security improvement initiatives alongside technical teams

The successful candidate will possess:

  • A degree in Information Technology, Computer Science, Cyber Security, or a related discipline
  • Strong experience within Information Security, Governance, Risk, and Compliance (GRC) environments
  • Proven experience implementing and maintaining ISO 27001 frameworks
  • Experience conducting risk assessments and translating technical risks into meaningful business impact
  • Strong understanding of risk management methodologies, compliance frameworks, and security governance principles
  • Excellent stakeholder management and communication skills
  • Strong analytical and problem-solving abilities

Professional certifications such as ISO 27001 Lead Implementor, ISO 27001 Internal Auditor, CRISC, CGRC, or CGEIT are highly desirable. This role would particularly suit someone looking to further develop their career within information security governance while gaining exposure to a broad range of security, risk, compliance, and business continuity initiatives.

Why join?

You'll be joining an organisation with a strong social purpose, a collaborative culture, and a genuine commitment to professional development. In return, you'll benefit from excellent learning opportunities, a comprehensive benefits package, generous annual leave, bonus potential, and the opportunity to make a real impact within a growing technology and education environment.

Location: Greenford, West London

Contract: Permanent

Working Hours: 40 Hours Per Week

Salary: £40,000 – £42,500

Please note that sponsorship is not available for this position. Please apply directly via LinkedIn.

Information Security GRC Analyst employer: Office Collective

Join a purpose-driven organisation in Greenford, West London, where your passion for information security can thrive. With a collaborative culture and a strong commitment to professional development, you'll enjoy excellent learning opportunities, a comprehensive benefits package, and the chance to make a meaningful impact in the technology and education sectors.

Contact Details:

Office Collective Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land the Information Security GRC Analyst role

Tip Number 1

Network like a pro! Reach out to people in the industry, attend events, and connect with professionals on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.

Tip Number 2

Prepare for interviews by researching the company and its security practices. Be ready to discuss how your skills align with their needs, especially around GRC and ISO 27001. Show them you’re not just a fit, but the perfect fit!

Tip Number 3

Practice your responses to common interview questions, especially those related to risk management and compliance. Use the STAR method (Situation, Task, Action, Result) to structure your answers and make them impactful.

Tip Number 4

Don’t forget to follow up after your interview! A quick thank-you email can leave a lasting impression and shows your enthusiasm for the role. Plus, it keeps you on their radar as they make their decision.

We think you need these skills to ace the Information Security GRC Analyst role

Information Security
Governance, Risk, and Compliance (GRC)
ISO 27001
Risk Assessments
Security Policies Development
Stakeholder Management
Communication Skills

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Information Security GRC Analyst role. Highlight your experience in information security, governance, risk, and compliance, and don’t forget to mention any relevant certifications you have!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how your skills align with our mission at StudySmarter. Keep it concise but impactful!

Showcase Your Achievements: When detailing your experience, focus on specific achievements that demonstrate your ability to conduct risk assessments or implement ISO 27001 frameworks. Numbers and results speak volumes!

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for this exciting opportunity. Don’t miss out!

How to prepare for a job interview at Office Collective

Know Your Stuff

Make sure you brush up on your knowledge of information security, governance, risk, and compliance. Familiarise yourself with ISO 27001 and be ready to discuss how you've implemented or maintained it in past roles. This shows you're not just a paper candidate but someone who can bring real value.

Showcase Your Experience

Prepare specific examples from your previous work that highlight your experience in conducting risk assessments and managing security policies. Use the STAR method (Situation, Task, Action, Result) to structure your answers, making it easier for interviewers to see your impact.

Engage with Stakeholders

Since stakeholder management is key in this role, think about how you've successfully communicated with different teams in the past. Be ready to share stories about how you’ve identified and mitigated risks while working collaboratively with others.

Ask Smart Questions

At the end of the interview, don’t forget to ask insightful questions about the company’s current security initiatives or challenges they face. This not only shows your interest but also gives you a chance to demonstrate your knowledge and enthusiasm for the role.