GRC Analyst

Marcus Donald are currently looking for a Governance, Risk & Compliance Analyst to join a large & Global Business Consulting firm. You will need to confidently perform third-party security vendor diligence and liaise with business / external stakeholders to perform assessments and identify risk.

**Hybrid role: 3 days per week in London office**

This is a great opportunity for an experienced GRC specialist to execute the companies heightened security processes. Someone with at least 2-3 years’ experience within security governance, risk and compliance is necessary, as the motivation and aptitude to learn and grow is a key feature.

Governance, Risk & Compliance Analyst – Responsibilities:

• Support daily activities of the GRC function
• Respond to client security questionnaires, RFP/RFI’s, and audit requests
• Ensure appropriate security measures are in place at the engagement level
• Supporting client questionnaires and audit requests
• Support performance of third-party supplier assessments
• Work closely with business stakeholders to align security measures within risk
• Support cybersecurity related initiatives as required
• Participate and execute governance activities including metrics gathering and reporting, and the performance of recurring internal assessment activities

Governance, Risk & Compliance Analyst – Technical:

• Strong understanding of security controls with the ability to effectively assess and communicate technical security requirements
• 2-3 years’ experience in security governance, risk, and compliance
• Strong experience responding to client/customer security inquires
• Broad and solid understanding of cyber security concepts and risks
• Strong familiarity with industry frameworks such as ISO standards, NIST, and SOC reports
• Working knowledge of common audit and compliance tools. Experience with a GRC tool is a plus
• Strong analytical thinking, written, and oral communication skills

Governance, Risk & Compliance Analyst – Education:

• Bachelor’s degree – preferably in Information Security, Computer Science or related area
• Industry recognised certification in security (e.g., CISSP, CISA, CISM, CRISC, ISO27001)

This really is a great opportunity for the right person with that GRC, Risk Assessment and Security background to grow and establish themselves within a large and well-known organisation. If you feel you have relevant GRC experience (2-3 years), have the confidence to communicate with Business Stakeholders and deliver upon/perform third-party security vendor diligence please get in touch.

Should you want to find out more about the role, responsibilities and understand the company a little more, please apply or furthermore email bjames@marcusdonald.com.