GRC Lead & Business Analyst

Posted 1 week ago by Ubique Systems

Negotiable
Birmingham, England, United Kingdom

Summary: The GRC Lead & Business Analyst is tasked with managing the Governance, Risk, and Compliance (GRC) framework while performing business analysis to improve risk management and regulatory compliance. This role involves collaboration with various departments to enforce policies and implement best practices. Key activities include risk assessments, compliance audits, and process optimization to enhance operational efficiency. The position requires a strategic approach to align GRC practices with business objectives.

Key Responsibilities:

  • Develop, implement, and maintain GRC policies, frameworks, and procedures aligned with industry standards and regulatory requirements.
  • Conduct workshops to gather requirements for risk assessments and security reviews.
  • Maintain a risk register and track risk management initiatives.
  • Lead third-party/vendor risk assessments requirement gathering.
  • Collaborate with leadership to align GRC practices with business objectives.
  • Manage compliance audits and coordinate with internal/external auditors.
  • Conduct compliance monitoring and provide periodic reports on adherence to policies.
  • Gather and analyze business requirements for GRC initiatives.
  • Identify gaps in current GRC processes and recommend process improvements.
  • Develop dashboards and reports for leadership to track compliance, risks, and control effectiveness.
  • Plan, coordinate, and lead internal and external compliance audits.
  • Document and track compliance findings, ensuring timely remediation.
  • Prepare compliance reports, risk scorecards, and assurance documentation for senior management.
  • Serve as a liaison between business units, IT, legal, and compliance teams.
  • Conduct compliance and security awareness training for employees.
  • Communicate risk and compliance updates to senior leadership.

Key Skills:

  • Strong knowledge of Governance, Risk, and Compliance (GRC) frameworks.
  • Experience with regulatory requirements such as ISO 27001, NIST, SOC 2, GDPR, HIPAA, PCI DSS.
  • Proficient in business analysis and process optimization.
  • Excellent communication and stakeholder management skills.
  • Ability to conduct audits and compliance monitoring.
  • Experience in developing and implementing assurance programs.
  • Familiarity with GRC tools and software solutions.

Salary (Rate): undetermined

City: Birmingham

Country: United Kingdom

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: Other

Detailed Description From Employer:

Job Summary: The GRC Lead & Business Analyst is responsible for managing the organization's Governance, Risk, and Compliance (GRC) framework while also performing business analysis to enhance risk management, regulatory compliance, and operational efficiency. This role involves assessing risks, ensuring compliance, conducting audits, analyzing business processes, and driving GRC-related projects. The GRC Lead & Business Analyst will work closely with IT, legal, finance, and business units to enforce policies, ensure compliance, and implement best practices for governance, risk, and assurance.

Key Responsibilities:

  • Governance, Risk & Compliance (GRC) Management
      • Develop, implement, and maintain GRC policies, frameworks, and procedures aligned with industry standards and regulatory requirements (ISO 27001, NIST, SOC 2, GDPR, HIPAA, PCI DSS).
      • Conduct workshops to gather requirements for risk assessments and security reviews, ensuring risk mitigation strategies are in place.
      • Maintain a risk register and track risk management initiatives.
      • Lead requirement gathering for third-party/vendor risk assessments, ensuring supplier security and compliance.
      • Collaborate with leadership to align GRC practices with business objectives.
  • Compliance & Assurance
      • Ensure the organization meets regulatory requirements and industry best practices.
      • Manage compliance audits (ISO 27001, SOC 2, PCI DSS, GDPR, HIPAA) and coordinate with internal/external auditors.
      • Conduct compliance monitoring and provide periodic reports on adherence to policies.
      • Develop and implement assurance programs to validate control effectiveness.
      • Stay updated on changing regulations and emerging compliance risks.
  • Business Analysis & Process Optimization
      • Gather and analyze business requirements for GRC initiatives, ensuring alignment with security, risk, and compliance goals.
      • Identify gaps in current GRC processes and recommend process improvements.
      • Collaborate with IT and security teams to implement automation for risk and compliance tracking.
      • Develop dashboards and reports for leadership to track compliance, risks, and control effectiveness.
      • Support the evaluation and selection of GRC tools and software solutions.
  • Audit, Reporting & Documentation
      • Plan, coordinate, and lead internal and external compliance audits.
      • Document and track compliance findings, ensuring timely remediation.
      • Prepare compliance reports, risk scorecards, and assurance documentation for senior management.
      • Ensure security controls and risk mitigations are well-documented and auditable.
  • Stakeholder Communication & Training
      • Serve as a liaison between business units, IT, legal, and compliance teams.
      • Conduct compliance and security awareness training for employees.
      • Communicate risk and compliance updates to senior leadership.