Technical GRC Analyst

Full-Time | £33,000 - £47,000 / year (est.) | Home office (partial)
Sivara GmbH

At a Glance

  • Tasks: Support governance, risk, compliance, and security assurance processes in a dynamic EdTech environment.
  • Company: Join a growing EdTech SaaS company committed to innovation and customer trust.
  • Benefits: Competitive salary, professional development, and a collaborative work culture.
  • Other info: Work closely with cross-functional teams and enjoy excellent career growth opportunities.
  • Why this job: Make a real impact on data protection and compliance in the education sector.
  • Qualifications: Experience in IT risk, compliance, or GRC roles; understanding of GDPR is essential.

Salary: £33,000 - 47,000 per year

Requirements

  • Experience in IT risk, compliance, or GRC roles within a SaaS or technology environment.
  • Understanding of GDPR and handling personal data, especially sensitive or child/student data.
  • Experience performing risk assessments using structured frameworks and defined processes.
  • Ability to interpret policies and apply them to operational and real‑world scenarios.
  • Strong organisational, coordination, and documentation skills, including audit trails, evidence, and decision logs.
  • Experience working with cross‑functional teams such as engineering, product, and operations.
  • Experience supporting operational security assurance activities such as evidence collection, control validation, remediation tracking, or audit preparation.
  • Familiarity with ISO 27001, Cyber Essentials, or similar frameworks is preferred.
  • Experience supporting audits, evidence collection, or remediation tracking activities is preferred.
  • Experience with vendor and third‑party risk management is preferred.
  • Exposure to data protection processes such as SARs, DPIAs, and data sharing assessments is preferred.
  • Exposure to data classification, data governance, or data loss prevention processes is preferred.
  • Experience with GRC, compliance, or assurance platforms such as Vanta or Drata, and ticketing or workflow management tools is preferred.
  • Exposure to Microsoft 365 security and compliance tooling such as Entra ID, Intune, Secure Score, and Defender is preferred.
  • Basic understanding of cloud and SaaS architecture and common security controls is preferred.

Responsibilities

  • Administer and operate IT risk, compliance, and security assurance processes aligned to internal policies and regulatory requirements, including GDPR.
  • Act as a central point of contact for compliance‑related requests such as Subject Access Requests, data sharing requests, access requests, exceptions, and supplier onboarding.
  • Perform risk assessments using defined criteria, focusing on data protection and information security risks.
  • Review requests against defined policies and controls, escalating where appropriate in line with governance processes.
  • Support third‑party and supplier risk assessments, including reviewing security and data protection documentation and tracking follow‑up actions.
  • Support periodic reviews of high‑risk and business‑critical suppliers, applications, and technology platforms to ensure appropriate security, compliance, and data protection controls remain in place.
  • Support the implementation and ongoing operation of compliance and assurance tooling, including evidence collection, test management, stakeholder coordination, remediation tracking, and control adoption activities.
  • Ensure appropriate documentation, audit trails, and evidence are maintained for assessments, compliance activities, and operational processes.
  • Support internal and external audits, including evidence gathering, action tracking, and coordination of remediation activities.
  • Monitor compliance with policies and highlight potential risks, gaps, or control weaknesses for review.
  • Support coordination and operational delivery of security improvement initiatives across IT and business teams.
  • Support incident management processes through documentation, tracking, and coordination of follow‑up actions.
  • Coordinate security awareness activities, including phishing simulation campaigns and training tracking.
  • Assist with reviews of security tooling configurations and collection of supporting control evidence.
  • Work closely with engineering, product, and business teams to ensure compliance and security processes are understood and followed.
  • Contribute ideas and feedback to improve workflows and operational processes, particularly where they impact scalability, operational efficiency, or customer trust.

Technologies

  • Cloud Support
  • Microsoft 365 Security
  • Office 365

Bromcom is an equal opportunities employer. We are seeking a Technical GRC Analyst to support the day‑to‑day operation of our governance, risk, compliance, and security assurance processes within a growing EdTech SaaS environment. This role gives you exposure across governance, operational security assurance, compliance, and risk management, working closely with the IT & Information Security Manager and our wider IT team. We offer the opportunity to help maintain audit readiness, support assurance activities, and coordinate remediation and evidence management across the organisation while contributing to a business that values scalability, operational efficiency, and customer trust.

Technical GRC Analyst employer: Sivara GmbH

Bromcom is an exceptional employer, offering a dynamic work environment within the EdTech SaaS sector that prioritises employee growth and development. With a strong focus on collaboration across cross-functional teams, we provide ample opportunities for professional advancement while fostering a culture of inclusivity and innovation. Our commitment to maintaining audit readiness and operational efficiency ensures that employees are engaged in meaningful work that directly contributes to customer trust and organisational success.

Sivara GmbH

Contact Details:

Sivara GmbH Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land the Technical GRC Analyst role

Join Compliance Communities

Get involved in compliance and risk communities — both online and offline. Look for forums, LinkedIn groups, or even local meetups where compliance pros hang out. You never know who might drop a job opportunity your way!

Attend Industry Conferences

Keep an eye out for compliance and risk management conferences and workshops in your area. These events are a goldmine for networking, and they often have job boards or recruiters on-site looking for new talent. Plus, it’s a chance to learn what's trending in the field.

Leverage Your University Career Services

If you’ve recently graduated or are still studying, head over to your university's career services. Many companies, including those in compliance, actively recruit fresh talent through these services, so make sure you tap into that resource.

Showcase Your Knowledge Online

Start writing articles or blog posts about compliance topics that interest you. Share them on platforms like LinkedIn to demonstrate your knowledge and passion. This not only builds your presence in the field but can also catch the attention of companies like Sivara GmbH looking for candidates who are engaged and informed.

We think you need these skills to ace the Technical GRC Analyst role

IT Risk Management
Compliance Knowledge
GRC Experience
GDPR Understanding
Risk Assessment
Policy Interpretation
Organisational Skills

Some tips for your application 🫡

Show Your Understanding of Compliance: In the compliance-risk field, it's super important to showcase your understanding of regulations and risk management frameworks. Highlight any relevant coursework, certifications (like ICA or AML), or even projects that demonstrate your knowledge and commitment to this area. We want to see how you can navigate this complex landscape!

Quantify Your Achievements: When detailing your experience, try to quantify your achievements. For example, if you've previously worked on a project that improved compliance metrics or reduced risk exposure, give us the numbers! This data-driven approach really stands out to hiring managers in compliance-risk roles.

Tailor Your CV to Reflect Relevant Skills: Make sure your CV highlights skills that are particularly relevant to compliance, like attention to detail, analytical thinking, and report writing. Ensure these are easy to spot – consider using bullet points to break down your responsibilities and achievements for maximum impact!

Craft a Motivating Cover Letter: In your cover letter, let us know why you’re excited about the compliance-risk role at Sivara GmbH. Share what motivates you about compliance, and how you believe you can contribute to our mission. This is your chance to showcase not only your skills but also your passion for this important field!

How to prepare for a job interview at Sivara GmbH

Master the Regulations

Brush up on key compliance regulations relevant to the industry you're applying to. Familiarising yourself with specific laws and frameworks used in your field will give you an edge during technical questions. Show that you’re not just aware of them but can also apply them—think real-life scenarios!

Show Your Analytical Skills

Compliance roles really focus on analytical skills, so be prepared for case studies or situational questions during the interview. You'll need to demonstrate how you approach risk assessments or compliance audits, possibly drawing on examples from past experiences or university projects. Bring some thoughtful case scenarios to discuss!

Know Your Tools

Get comfortable with commonly used compliance software and tools. Familiarity with platforms like RSA or MetricStream can really impress during your interview, as it shows you're ready to hit the ground running. If you’ve had any experience with them, make sure to highlight that!

Align with Company Culture

Since it's a full-time position, show your long-term commitment and interest in the company’s mission and values. Dive into how your ethics and professional philosophy align with Sivara GmbH’s stance on compliance. A shared vision can really resonate with interviewers looking for fit as much as skill!