UBDS Group

Information Security GRC Analyst

🇬🇧 London, United Kingdom Hybrid IT Mid-level Published Jun 4, 2026
Work format: Hybrid
Experience level: Mid-level
Category: IT
IT category: Security Engineer
Language: English
Published: 4 June 2026
Last checked: 6 June 2026
Context: JobGrid

Role overview from JobGrid

Information Security GRC Analyst at UBDS Group: London, United Kingdom; Hybrid; Mid-level; IT; Security Engineer. JobGrid adds normalized role facts, source context, and a path to the employer application page so candidates can compare the listing before applying.

  • Location and workplace: London, United Kingdom, Hybrid
  • Role classification: IT, Security Engineer, Mid-level
  • Source freshness: checked by JobGrid on 2026-06-06.
  • Application path: candidates continue to the employer application page with non-personal referral tags.

About the Role

We are seeking an experienced Information Security Analyst to support the delivery of governance, risk, and compliance (GRC) services for one of our leading clients.

Working closely with senior stakeholders, technology teams, and security leadership, you will play a key role in strengthening the organisation's cyber security posture through effective risk management, compliance assurance, and security governance activities. You will support the implementation and maintenance of recognised security frameworks and standards while helping to drive security improvements across business and technology functions.

This is an excellent opportunity for a security professional who is comfortable operating in a client-facing environment and can provide pragmatic, risk-based security advice.

Key Responsibilities

  • Support the delivery of cybersecurity governance, risk, and compliance activities, ensuring alignment with frameworks including ISO 27001, NIST Cybersecurity Framework, Cyber Essentials, and GovAssure.
  • Conduct information security risk assessments across business processes, programmes, projects, technology platforms, and third-party suppliers.
  • Maintain security risk registers, track remediation actions, and support the effective management of cyber risk across business and technology functions.
  • Produce high-quality security documentation, including policies, standards, compliance evidence, assessment reports, and executive-level reporting.
  • Support internal and external audits, control reviews, assurance activities, and compliance assessments.
  • Facilitate workshops and engage with stakeholders across technical, programme, operational, and leadership teams to gather requirements, collect evidence, and drive security initiatives.
  • Support supplier assurance and third-party risk management activities.
  • Assist with the development and continuous improvement of security governance processes and controls.
  • Support the embedding of security best practices, data governance, and Secure by Design principles across recovery, transformation, and operational workstreams.
  • Contribute to security awareness, risk reporting, and governance activities across the client environment.

Skills & Experience

Essential

  • 3–5 years' experience in Information Security, Cyber Security, Governance, Risk & Compliance, IT Audit, or Risk Management roles.
  • Experience conducting information security risk assessments and control reviews.
  • Strong understanding of information security governance and risk management principles.
  • Working knowledge of ISO 27001 and information security management systems.
  • Familiarity with security frameworks and standards including NIST Cybersecurity Framework and Cyber Essentials.
  • Experience supporting audit, compliance, or assurance activities.
  • Strong stakeholder engagement and communication skills.
  • Excellent report writing, documentation, and presentation capabilities.
  • Ability to communicate complex security concepts to both technical and non-technical audiences.
  • Able to work in London 2-3 days per week.

Desirable

  • Experience working within government, public sector, regulated, or enterprise environments.
  • Knowledge of GovAssure assessments and public sector security requirements.
  • Familiarity with cloud environments including Microsoft Azure and AWS.
  • Experience using GRC platforms and risk management tooling.
  • Understanding of Secure by Design and security architecture principles.

Certifications

One or more of the following would be advantageous:

  • ISO 27001 Lead Implementer or Lead Auditor
  • Security+
  • CGRC
  • CISA
  • CRISC
  • CISSP (or Associate CISSP)