GRC Lead Business Analyst

Summary: The GRC Lead & Business Analyst is tasked with overseeing the Governance, Risk, and Compliance (GRC) framework of the organization while enhancing risk management and regulatory compliance through business analysis. This role requires collaboration with various departments to enforce policies and implement best practices. Key activities include risk assessments, compliance audits, and process optimization to ensure operational efficiency. The position is hybrid, based in London, Birmingham, or Manchester.

Key Responsibilities:

• Develop, implement, and maintain GRC policies, frameworks, and procedures aligned with industry standards and regulatory requirements (ISO 27001, NIST, SOC 2, GDPR, HIPAA, PCI DSS).
• Conduct workshops to gather requirements for risk assessments and security reviews, ensuring risk mitigation strategies are in place.
• Maintain a risk register and track risk management initiatives.
• Lead third-party/vendor risk assessments requirement gathering, ensuring supplier security and compliance.
• Collaborate with leadership to align GRC practices with business objectives.
• Manage compliance audits (ISO 27001, SOC 2, PCI DSS, GDPR, HIPAA) and coordinate with internal/external auditors.
• Conduct compliance monitoring and provide periodic reports on adherence to policies.
• Develop and implement assurance programs to validate control effectiveness.
• Stay updated on changing regulations and emerging compliance risks.
• Gather and analyze business requirements for GRC initiatives, ensuring alignment with security, risk, and compliance goals.
• Identify gaps in current GRC processes and recommend process improvements.
• Collaborate with IT and security teams to implement automation for risk and compliance tracking.
• Develop dashboards and reports for leadership to track compliance, risks, and control effectiveness.
• Support the evaluation and selection of GRC tools and software solutions.
• Plan, coordinate, and lead internal and external compliance audits.
• Document and track compliance findings, ensuring timely remediation.
• Prepare compliance reports, risk scorecards, and assurance documentation for senior management.
• Ensure security controls and risk mitigations are well-documented and auditable.
• Serve as a liaison between business units, IT, legal, and compliance teams.
• Conduct compliance and security awareness training for employees.
• Communicate risk and compliance updates to senior leadership.

Key Skills:

• Strong knowledge of Governance, Risk, and Compliance (GRC) frameworks and standards.
• Experience in conducting risk assessments and compliance audits.
• Proficiency in business analysis and process optimization.
• Ability to collaborate effectively with cross-functional teams.
• Excellent communication and stakeholder management skills.
• Familiarity with GRC tools and software solutions.
• Strong analytical and problem-solving skills.
• Knowledge of regulatory requirements (ISO 27001, NIST, SOC 2, GDPR, HIPAA, PCI DSS).

Salary (Rate): undetermined

City: London

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: undetermined

Seniority Level: undetermined

Industry: Other