Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Join us as a GRC Analyst to ensure compliance and manage IT risk across the organisation.
- Company: We are a forward-thinking company dedicated to maintaining high security standards and regulatory compliance.
- Benefits: Enjoy flexible working options, professional development opportunities, and a supportive team culture.
- Why this job: Make a real impact by safeguarding our information security and collaborating with diverse teams.
- Qualifications: Bachelor’s degree in Information Security or related field; 2-3 years of relevant experience required.
- Other info: Experience with GRC platforms and knowledge of privacy laws is a plus.
The predicted salary is between 36000 - 60000 £ per year.
We are seeking a dedicated and detail-oriented Governance, Risk and Compliance (GRC) Analyst to join our team. In this role, you will need to ensure that we meet regulatory obligations, align with frameworks and security standards, and manage and maintain IT risk across the organization and supply chain. You will collaborate with cross-functional teams within the organization as well work closely with external vendors, auditors and clients to embed GRC practices, maintain security controls and reassure adherence to frameworks and policies.
Your Responsibilities
- Maintain and improve our Information Security Management System (ISMS).
- Monitor compliance with security frameworks.
- Support the IT and Information Security policy lifecycle.
- Maintain the IT Security risk register.
- Manage risk and track risk mitigation across the various Teams within the organization’s technology department.
- Conduct security reviews and risk assessments of suppliers and partners.
- Complete audits for clients and assist in the review process with their corresponding audit teams.
- Coordinate internal and external audits.
- Audit internal processes for compliance.
- Work closely with the Privacy Analyst to assist with DPIAs, RoPAs and data subject workflows.
- Maintain the GRC platform.
- Maintain security awareness training platform and assist in the delivery of relevant training.
- Assist with the creation and maintenance of metrics relevant to control effectiveness and maturity.
- Stay up-to-date with relevant frameworks and regulatory requirements.
Required Skills, Qualifications, and Experience
- Bachelor’s degree in Information Security, or related field.
- Relevant certifications (e.g., ISO27001 Lead Implementer, CIPP, CRISC etc.) are a plus.
- At least 2-3 years of experience in GRC, Information Security, or related fields.
- Hands-on experience with GRC platforms, OneTrust is a bonus.
- Experience with risk management and risk assessment methodologies.
- Knowledge of frameworks like CIS 8.0, ISO 27001, NIST CSF, GDPR, NIS2, or similar.
- Experience in auditing, reporting, and investigating privacy breaches.
- Ability to interpret and apply complex legal and regulatory requirements.
- Experience working with cross-functional teams to implement privacy measures.
- Providing clear guidance and training to employees on privacy standards.
- Exposure to cloud-native environments and associated risk controls.
- Exposure in Artificial Intelligence systems and associated risk controls is a bonus.
- Strong understanding of privacy laws and frameworks (e.g., GDPR, CCPA).
Governance, Risk and Compliance Analyst employer: Vista Global
Contact Detail:
Vista Global Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Governance, Risk and Compliance Analyst
✨Tip Number 1
Familiarise yourself with the specific frameworks and regulations mentioned in the job description, such as ISO 27001 and GDPR. This knowledge will not only help you understand the role better but also demonstrate your commitment to compliance during interviews.
✨Tip Number 2
Network with professionals in the GRC field through platforms like LinkedIn. Engaging with industry groups or forums can provide insights into current trends and challenges, which you can discuss during your interview to show your proactive approach.
✨Tip Number 3
Gain hands-on experience with GRC tools, especially OneTrust if possible. Familiarity with these platforms can set you apart from other candidates and give you practical examples to share when discussing your skills.
✨Tip Number 4
Prepare to discuss your experience with risk management methodologies and how you've applied them in previous roles. Be ready to provide specific examples of how you've identified and mitigated risks, as this is a key aspect of the GRC Analyst position.
We think you need these skills to ace Governance, Risk and Compliance Analyst
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in Governance, Risk and Compliance. Focus on specific projects or roles where you've managed IT risk, conducted audits, or worked with security frameworks.
Craft a Compelling Cover Letter: In your cover letter, express your passion for GRC and detail how your skills align with the job requirements. Mention any relevant certifications and your experience with GRC platforms, especially if you have hands-on experience with OneTrust.
Showcase Relevant Skills: Emphasise your knowledge of frameworks like ISO 27001, NIST CSF, and GDPR. Provide examples of how you've applied these in previous roles, particularly in risk management and compliance.
Proofread Your Application: Before submitting, carefully proofread your application for any spelling or grammatical errors. A polished application reflects attention to detail, which is crucial for a GRC Analyst role.
How to prepare for a job interview at Vista Global
✨Know Your Frameworks
Familiarise yourself with key frameworks like ISO 27001, NIST CSF, and GDPR. Be prepared to discuss how you've applied these in previous roles or how you would approach compliance in this position.
✨Showcase Your Experience
Highlight your hands-on experience with GRC platforms, especially if you've worked with OneTrust. Share specific examples of risk assessments or audits you've conducted to demonstrate your expertise.
✨Prepare for Scenario Questions
Expect scenario-based questions that assess your problem-solving skills in risk management. Think about past challenges you've faced and how you navigated them, particularly in cross-functional team settings.
✨Stay Updated on Regulations
Demonstrate your commitment to staying current with regulatory changes and industry standards. Discuss any recent developments in privacy laws or security frameworks that could impact the role.
