Information Security - GRC Analyst

About the position The Information Security GRC Analyst supports the InfoSec GRC Lead in operating and improving the organization’s governance, risk, and compliance program. The role focuses on reviewing client MSAs and related security requirements, supporting internal and client audits, driving risk and exception management workflows, and supporting supplier/third-party security reviews. The organization is aligned to ISO/IEC 27001 and is implementing ISO/IEC 42001. The role supports compliance activities relevant to HIPAA, GDPR, and APPI. This is an excellent opportunity for recent graduates or young professionals to build their career in information security.

Responsibilities

• Governance & Management System Support: Maintain documentation and evidence for ISO/IEC 27001 & ISO/IEC 42001; support continual improvement activities.
• Client MSA & Security Requirements Review: Extract and document security requirements from client MSAs; identify gaps and risks; coordinate with Legal and Privacy teams.
• Audit Support: Coordinate internal and client audit requests; collect evidence; ensure traceability between requirements, controls, and evidence.
• Risk Management & Exceptions: Assist with risk assessments for vendors/projects; maintain risk registers; support exception workflows.
• Supplier Reviews: Assess third-party security submissions; track supplier risk ratings and remediation actions.
• Compliance Support: Help map regulatory requirements (HIPAA, GDPR, APPI) to internal controls; maintain compliance documentation.
• Reporting & Improvement: Produce operational reports on audit status/risk metrics; contribute to process improvements.

Requirements

• Exceptional attention to detail
• Strong written communication skills
• Professional discretion handling sensitive information
• Foundational understanding of information security concepts (access control, encryption, incident response)
• Exposure or interest in ISO/IEC 27001 or AI governance frameworks (ISO/IEC 42001)
• Suitable for junior candidates (1–3 years) in security, IT, risk, compliance, audit, or related fields, or equivalent demonstrated capability.
• Minimum requirement: Candidate must hold or be able to achieve the ISC2 Certified in Cybersecurity (CC) certification within an agreed onboarding period (company-supported).

Nice-to-haves

• Experience supporting audits, vendor risk reviews or privacy compliance is advantageous
• Familiarity with GRC/ticketing/documentation platforms (e.g., ServiceNow/Jira)
• Bachelor’s degree in information security, IT, Risk Management, Compliance, or similar is beneficial but not required with relevant experience.

Benefits

• You'll receive up to a 7% pension contribution, life insurance, income protection, and private medical insurance for peace of mind.
• Enjoy flexible working arrangements, including flexible hybrid working, along with the option to work from anywhere across the globe two weeks each year.
• We provide 25 days of annual leave plus two personal well-being days, along with gifted end-of-year holidays and an early Summer Friday finish in June, July, and August.
• Access free counselling through our employee assistance program, as well as personalized health support.
• Enhanced maternity, paternity, family leave, and fertility policies provide support across every stage of your family-planning journey, as well as on-demand support from our partner Peppy.
• You can also benefit from continuous opportunities to professionally develop with on-demand training, support, and global mobility opportunities across the business.