GRC Specialist

Full-Time 30000 - 50000 £ / year (est.) Home office (partial)

At a Glance

  • Tasks: Execute governance, risk, and compliance activities while supporting audits and client inquiries.
  • Company: Join Wood Mackenzie, a global leader in energy analytics and insights.
  • Benefits: Competitive salary, inclusive culture, and opportunities for professional growth.
  • Why this job: Make an impact in the energy sector by managing risks and ensuring compliance.
  • Qualifications: Experience in IT audit or compliance, strong organisational skills, and clear communication.
  • Other info: Dynamic team environment with a commitment to equal opportunities.

The predicted salary is between 30000 - 50000 £ per year.

Wood Mackenzie is the global leader in analytics, insights and proprietary data across the entire energy and natural resources landscape. For over 50 years our work has guided the decisions of the world’s most influential energy producers, utilities companies, financial institutions and governments. Now, with the world’s energy system more complex and interconnected than ever before, sector-specific views are no longer enough. That’s why we’ve redefined what’s possible with Intelligence Connected. By fusing our unparalleled proprietary data with the sharpest analytical minds, all supercharged by Synoptic AI, we deliver a clear, interconnected view of the entire value chain.

The GRC Specialist is responsible for the day-to-day execution of governance, risk, and compliance (GRC) activities. This includes preparing for SOC and other audits, collecting and organizing evidence, responding to client/vendor security questionnaires, and maintaining the accuracy of the cyber risk register. The role works closely with IT, Security Engineering, and business stakeholders to ensure audit requests and client inquiries are addressed promptly and consistently. The Specialist ensures that risks, exceptions, and remediation actions are logged and tracked to completion, providing a strong operational foundation for the Risk & Compliance program.

Key Responsibilities

  • Audit & Assurance Support
    • Collect and organize evidence for SOC2 and other internal audits.
    • Track remediation items from audits, ensuring timely closure with responsible teams.
    • Maintain a repository of reusable audit evidence to streamline future cycles.
    • Support the Risk & Compliance Lead in responding to auditor and assessor queries.
  • Client & Vendor Security Questionnaires
    • Coordinate responses to customer and third-party security questionnaires.
    • Collaborate with technical owners (Engineering, IT, Product) to provide accurate answers.
    • Maintain a knowledge base of pre-approved responses to accelerate RFPs and renewals.
    • Ensure responses are consistent with SOC2 reports and company policy.
  • Risk Register & Exception Management
    • Update and maintain the cyber risk register in coordination with the Risk & Compliance Lead.
    • Record new risks, assign owners, and track remediation/progress.
    • Document Policy Exception Risk Acceptance (PERA) approvals and expirations.
    • Ensure risk data is kept current for reporting cycles.
  • Reporting & Metrics
    • Contribute data for quarterly risk and compliance dashboards.
    • Provide metrics on questionnaire volumes, audit findings, and remediation timelines.
    • Highlight overdue risks, audit items, or exceptions to the Risk & Compliance Lead.

Experience & Skills

  • Experience in IT audit, compliance, or GRC operations.
  • Familiarity with audit frameworks (SOC2, ISO 27001, GDPR).
  • Strong organizational skills for evidence collection and tracking.
  • Ability to manage multiple concurrent requests and deadlines.
  • Clear written communication for client questionnaires and reports.
  • Experience in SaaS, data analytics, or regulated industries.
  • Exposure to vendor/supplier risk assessments.
  • Experience using GRC platforms (ServiceNow GRC, Archer, or equivalent).

    We are an equal opportunities employer. This means we are committed to recruiting the best people regardless of their race, colour, religion, age, sex, national origin, disability or protected veteran status. You can find out more about your rights under the law at www.eeoc.gov. If you are applying for a role and have a physical or mental disability, we will support you with your application or through the hiring process.

    GRC Specialist employer: Wood Mackenzie

    Wood Mackenzie is an exceptional employer, offering a dynamic work culture that fosters collaboration and innovation among its 2,700 experts across 30 countries. As a GRC Specialist, you will benefit from comprehensive professional development opportunities, a commitment to diversity and inclusion, and the chance to contribute to impactful projects in the energy and natural resources sector. With a focus on employee growth and a supportive environment, Wood Mackenzie empowers its team to thrive while navigating the complexities of today's interconnected energy landscape.

    Contact Detail:

    Wood Mackenzie Recruiting Team

    StudySmarter Expert Advice 🤫

    We think this is how you could land GRC Specialist

    ✨Tip Number 1

    Network like a pro! Reach out to folks in the industry, especially those already at Wood Mackenzie. A friendly chat can give you insider info and maybe even a referral!

    ✨Tip Number 2

    Prepare for the interview by brushing up on your GRC knowledge. Familiarise yourself with SOC2 and ISO 27001 frameworks, and be ready to discuss how you've tackled similar challenges in the past.

    ✨Tip Number 3

    Showcase your organisational skills! Bring examples of how you've managed multiple audit requests or tracked remediation items effectively. This will demonstrate your fit for the role.

    ✨Tip Number 4

    Don't forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you're serious about joining the team!

    We think you need these skills to ace GRC Specialist

    Governance, Risk, and Compliance (GRC)
    IT Audit
    SOC2
    ISO 27001
    GDPR
    Evidence Collection
    Organisational Skills
    Client Communication
    Data Analytics
    Vendor/Supplier Risk Assessments
    GRC Platforms (ServiceNow GRC, Archer)
    Reporting and Metrics
    Remediation Tracking
    Policy Exception Risk Acceptance (PERA)

    Some tips for your application 🫡

    Tailor Your CV: Make sure your CV is tailored to the GRC Specialist role. Highlight your experience in IT audit, compliance, and any familiarity with frameworks like SOC2 or ISO 27001. We want to see how your skills align with what we’re looking for!

    Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about governance, risk, and compliance. Share specific examples of your past experiences that relate to the responsibilities listed in the job description.

    Be Clear and Concise: When filling out your application, clarity is key. Use straightforward language and avoid jargon unless it’s relevant. We appreciate well-organised responses, especially when it comes to client/vendor security questionnaires.

    Apply Through Our Website: Don’t forget to apply through our website! It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it gives you a chance to explore more about Wood Mackenzie and our values.

    How to prepare for a job interview at Wood Mackenzie

    ✨Know Your GRC Frameworks

    Familiarise yourself with key audit frameworks like SOC2 and ISO 27001. Be ready to discuss how these frameworks apply to the role and share any relevant experiences you've had in implementing or working with them.

    ✨Showcase Your Organisational Skills

    Prepare examples that highlight your ability to collect and organise evidence efficiently. Think of specific instances where you managed multiple requests or deadlines, and be ready to explain your approach.

    ✨Communicate Clearly

    Practice articulating your thoughts clearly, especially when discussing complex topics like risk management or compliance. You might even want to prepare a few responses for common client/vendor security questionnaire scenarios.

    ✨Understand the Company’s Values

    Research Wood Mackenzie’s values and how they align with the role of a GRC Specialist. Be prepared to discuss how you can contribute to their mission of delivering interconnected insights and supporting their clients effectively.
