Governance, Risk & Compliance (GRC) Analyst

Location: Remote - UK

Job Type: Full-time, Permanent

Salary: Competitive, based on experience + benefits + package

Security Clearance Requirements: Please note that holding a current Security Clearance is not essential at the time of application, but eligibility is required. This role requires the successful candidate to be eligible for Security Check (SC) clearance. To meet this requirement, applicants must:

• Have the right to work in the UK
• Have lived in the UK continuously for the past 5 years
• Not have spent more than 6 months outside the UK in total during that period
• Be willing to undergo security vetting as part of the onboarding process

About You: You’re someone who enjoys bringing structure, clarity and assurance to complex environments. You have a strong interest in governance, risk and compliance, and understand how effective security frameworks help organisations operate confidently and securely. You’re comfortable working across policies, frameworks, risk registers and audits, but equally enjoy collaborating with colleagues across the business to translate security and compliance requirements into practical, real-world processes. You take a methodical, detail-oriented approach to your work and are confident analysing risk, identifying gaps and helping implement improvements. At the same time, you understand that governance and compliance should enable the business, not slow it down. You’ll likely already have experience supporting information security governance, risk management or compliance programmes, and be keen to continue developing your expertise in areas such as ISO 27001, third-party risk, regulatory compliance and GRC tooling. Most importantly, you’ll bring a collaborative mindset, curiosity and a proactive approach to strengthening security and governance across the organisation.

About the Role: We are looking for a Governance, Risk & Compliance (GRC) Analyst to join our Security Team and support the ongoing development of our governance and compliance capabilities. Working closely with the Deputy Head of Security, you will help maintain and strengthen the organisation's Information Security Management System (ISMS) while supporting risk management, regulatory compliance and third-party assurance activities. This role will play an important part in preparing the organisation for our ISO 27001 journey, as well as supporting the implementation and ongoing management of a new GRC platform. You will work across multiple areas including governance frameworks, risk management processes, compliance monitoring and audit preparation, helping ensure security practices remain practical, proportionate and aligned with business objectives.

Key Objectives:

• Supporting the ongoing development and improvement of the organisation's governance and compliance frameworks
• Maintaining and strengthening our ISO 27001 aligned Information Security Management System
• Facilitating enterprise risk management processes, including risk identification and tracking
• Supporting third-party and supply chain risk assurance
• Contributing to the implementation and ongoing management of a GRC platform
• Supporting internal and external audit preparation
• Helping embed a strong security and compliance culture across the organisation

Success in This Role Looks Like: Within the first 3-6 months, success in the role will include:

• Taking ownership of key GRC and governance processes
• Supporting improvements across the organisation's risk management and compliance frameworks
• Contributing to the effective operation of the Information Security Management System
• Supporting the implementation and adoption of the organisation's GRC platform
• Helping prepare the organisation for upcoming ISO 27001 audit activities

Requirements: What We’re Looking For: We are looking for someone who is analytical, organised and comfortable working within structured governance frameworks. You should enjoy working across risk, compliance and security governance, while being able to communicate requirements clearly to both technical and non-technical stakeholders. This role suits someone who takes a methodical and detail-oriented approach, enjoys solving problems and is motivated by helping organisations manage risk and maintain strong security practices.

Essential Experience & Skills:

• Experience supporting risk assessments and risk registers
• Familiarity with governance and compliance frameworks such as ISO 27001, NIST or CIS
• Understanding of data protection and privacy principles
• Experience maintaining policies, standards and control documentation
• Ability to analyse risks and communicate findings clearly
• Strong organisational skills with attention to detail
• Experience working within security, compliance, risk or governance functions

Soft Skills & Behaviours:

• Strong analytical and problem-solving mindset
• Ability to translate regulatory or technical requirements into practical guidance
• Attention to detail and process discipline
• Collaborative and team-oriented approach
• Calm, conscientious and adaptable working style
• Positive attitude towards continuous improvement

Desirable Qualifications:

• CISSP
• CISM
• CRISC
• ISO 27001 Lead Implementer or Lead Auditor
• IAPP certifications
• Equivalent practical experience will also be considered.
• Experience working with GRC platforms such as Vanta, CompAI or similar
• Exposure to security or compliance reporting tools such as Power BI
• Experience supporting ISO 27001 certification or audit programmes
• Experience managing or contributing to third-party risk assessments

This is a great opportunity to help shape and improve governance and security practices across a growing technology organisation.

Benefits:

• Private Medical
• Inclusive Culture: Enjoy an inclusive culture and environment.
• Learning: Access to continuous learning and development opportunities.
• Bonus Potential: Bonus potential based on performance and business-related factors.
• Discounts: Discounts on a wide range of products and services.
• Pension: Pension scheme contributions.
• EV Car Scheme
• Hybrid Working Policy
• More Benefits: Explore additional benefits on our career site.

How to Apply: Please note that the talent acquisition team is managing this vacancy directly and we do not require agency support. Candidates who are successful will be required to undergo relevant security checks.

Our Process: Our talent acquisition team will be in touch if you're successful, the team will arrange a short screening call (max 30 minutes) to learn more about you, and what you are looking for and answer any questions you may have. If all goes well, the team will share your profile with the hiring manager for review. Our interview process is tailored to each role. As an inclusive employer, please inform us if you require any reasonable adjustments. Here at TIG we are committed to equal opportunities and value diversity, equity and inclusion at our company. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. As a Group, we seek to ensure that individuals with disabilities receive reasonable accommodation throughout the hiring process and ultimately within the job itself. Please contact us to request any accommodations.