At a Glance
- Tasks: Execute governance, risk, and compliance activities while collaborating with IT and business teams.
- Company: Join Wood Mackenzie, a global leader in energy analytics and insights.
- Benefits: Enjoy a hybrid work model, competitive salary, and opportunities for professional growth.
- Why this job: Make a real impact in the energy sector by managing risks and ensuring compliance.
- Qualifications: Experience in IT audit or compliance, strong organisational skills, and clear communication.
- Other info: Be part of an inclusive team that values trust, curiosity, and customer commitment.
The predicted salary is between £28,800 and £43,200 per year.
Wood Mackenzie is the global leader in analytics, insights and proprietary data across the entire energy and natural resources landscape. For over 50 years our work has guided the decisions of the world’s most influential energy producers, utilities companies, financial institutions and governments. Now, with the world’s energy system more complex and interconnected than ever before, sector-specific views are no longer enough. That’s why we’ve redefined what’s possible with Intelligence Connected.
By fusing our unparalleled proprietary data with the sharpest analytical minds, all supercharged by Synoptic AI, we deliver a clear, interconnected view of the entire value chain. Our trusted team of 2,700 experts across 30 countries breaks silos and connects industries, markets and regions across the globe. This empowers our customers to identify risk sooner, spot opportunities faster and recalibrate strategy with confidence – whether planning days, weeks, months or decades ahead.
Wood Mackenzie Values
- Inclusive – we succeed together
- Trusting – we choose to trust each other
- Customer committed – we put customers at the heart of our decisions
- Future Focused – we accelerate change
- Curious – we turn knowledge into action
Job Description
The GRC Specialist is responsible for the day-to-day execution of governance, risk, and compliance (GRC) activities. This includes preparing for SOC and other audits, collecting and organizing evidence, responding to client/vendor security questionnaires, and maintaining the accuracy of the cyber risk register. The role works closely with IT, Security Engineering, and business stakeholders to ensure audit requests and client inquiries are addressed promptly and consistently. The Specialist ensures that risks, exceptions, and remediation actions are logged and tracked to completion, providing a strong operational foundation for the Risk & Compliance program.
Key Responsibilities
- Audit & Assurance Support: Collect and organize evidence for SOC2 and other internal audits. Track remediation items from audits, ensuring timely closure with responsible teams. Maintain a repository of reusable audit evidence to streamline future cycles. Support the Risk & Compliance Lead in responding to auditor and assessor queries.
- Client & Vendor Security Questionnaires: Coordinate responses to customer and third-party security questionnaires. Collaborate with technical owners (Engineering, IT, Product) to provide accurate answers. Maintain a knowledge base of pre-approved responses to accelerate RFPs and renewals. Ensure responses are consistent with SOC2 reports and company policy.
- Risk Register & Exception Management: Update and maintain the cyber risk register in coordination with the Risk & Compliance Lead. Record new risks, assign owners, and track remediation/progress. Document Policy Exception Risk Acceptance (PERA) approvals and expirations. Ensure risk data is kept current for reporting cycles.
- Reporting & Metrics: Contribute data for quarterly risk and compliance dashboards. Provide metrics on questionnaire volumes, audit findings, and remediation timelines. Highlight overdue risks, audit items, or exceptions to the Risk & Compliance Lead.
Experience & Skills
- Experience in IT audit, compliance, or GRC operations.
- Familiarity with audit frameworks (SOC2, ISO 27001, GDPR).
- Strong organizational skills for evidence collection and tracking.
- Ability to manage multiple concurrent requests and deadlines.
- Clear written communication for client questionnaires and reports.
- Experience in SaaS, data analytics, or regulated industries.
- Exposure to vendor/supplier risk assessments.
- Experience using GRC platforms (ServiceNow GRC, Archer, or equivalent).
Equal Opportunities
We are an equal opportunities employer. This means we are committed to recruiting the best people regardless of their race, colour, religion, age, sex, national origin, disability or protected veteran status.
GRC Specialist in Edinburgh employer: Wood Mackenzie Ltd
Contact Detail:
Wood Mackenzie Ltd Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land GRC Specialist in Edinburgh
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, especially those already working at Wood Mackenzie. A friendly chat can open doors and give you insider info that could make your application stand out.
✨Tip Number 2
Prepare for the interview by brushing up on your GRC knowledge. Familiarise yourself with SOC2 and ISO 27001 frameworks, and be ready to discuss how you've tackled compliance challenges in the past. We want to see your expertise shine!
✨Tip Number 3
Showcase your organisational skills! During interviews, share examples of how you've managed multiple projects or deadlines. This will demonstrate your ability to handle the fast-paced environment we thrive in at Wood Mackenzie.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you're genuinely interested in joining our team at Wood Mackenzie.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the GRC Specialist role. Highlight relevant experience in IT audit, compliance, or GRC operations, and don’t forget to mention any familiarity with audit frameworks like SOC2 or ISO 27001.
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about governance, risk, and compliance, and how your skills align with our values at StudySmarter. Keep it concise but impactful!
Showcase Your Communication Skills: Since clear written communication is key for this role, make sure your application reflects that. Use straightforward language and structure your responses well, especially when addressing client questionnaires.
Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of your application and ensures you don’t miss out on any important updates from us!
How to prepare for a job interview at Wood Mackenzie Ltd
✨Know Your GRC Frameworks
Familiarise yourself with key audit frameworks like SOC2 and ISO 27001. Be ready to discuss how your experience aligns with these standards, as this will show your understanding of the role and its requirements.
✨Prepare for Evidence Collection
Since the role involves collecting and organising evidence for audits, think of examples from your past work where you successfully managed similar tasks. Bring specific instances to the table that demonstrate your organisational skills and attention to detail.
✨Master Client Communication
You'll need to respond to client and vendor security questionnaires, so practice clear and concise communication. Prepare answers to common questions and ensure you can articulate your responses in a way that aligns with company policies.
✨Showcase Your Risk Management Skills
Be ready to discuss your experience with risk registers and exception management. Highlight any tools or platforms you've used, like ServiceNow GRC, and explain how you've tracked and reported on risks in previous roles.