GRC Lead & Business Analyst

Summary: The GRC Lead & Business Analyst is tasked with overseeing the Governance, Risk, and Compliance (GRC) framework of the organization while performing business analysis to improve risk management and regulatory compliance. This role requires collaboration with various departments to enforce policies and implement best practices. Key activities include risk assessment, compliance audits, and process optimization to enhance operational efficiency. The position demands a strategic approach to align GRC initiatives with business objectives.

Key Responsibilities:

• Develop, implement, and maintain GRC policies, frameworks, and procedures aligned with industry standards and regulatory requirements (ISO 27001, NIST, SOC 2, GDPR, HIPAA, PCI DSS).
• Conduct workshops to gather requirements for risk assessments and security reviews, ensuring risk mitigation strategies are in place.
• Maintain a risk register and track risk management initiatives.
• Lead third-party/vendor risk assessments requirement gathering, ensuring supplier security and compliance.
• Collaborate with leadership to align GRC practices with business objectives.
• Manage compliance audits (ISO 27001, SOC 2, PCI DSS, GDPR, HIPAA) and coordinate with internal/external auditors.
• Conduct compliance monitoring and provide periodic reports on adherence to policies.
• Develop and implement assurance programs to validate control effectiveness.
• Stay updated on changing regulations and emerging compliance risks.
• Gather and analyze business requirements for GRC initiatives, ensuring alignment with security, risk, and compliance goals.
• Identify gaps in current GRC processes and recommend process improvements.
• Collaborate with IT and security teams to implement automation for risk and compliance tracking.
• Develop dashboards and reports for leadership to track compliance, risks, and control effectiveness.
• Support the evaluation and selection of GRC tools and software solutions.
• Plan, coordinate, and lead internal and external compliance audits.
• Document and track compliance findings, ensuring timely remediation.
• Prepare compliance reports, risk scorecards, and assurance documentation for senior management.
• Ensure security controls and risk mitigations are well-documented and auditable.
• Serve as a liaison between business units, IT, legal, and compliance teams.
• Conduct compliance and security awareness training for employees.
• Communicate risk and compliance updates to senior leadership.

Key Skills:

• Strong knowledge of Governance, Risk, and Compliance frameworks and standards (ISO 27001, NIST, SOC 2, GDPR, HIPAA, PCI DSS).
• Experience in conducting compliance audits and managing compliance programs.
• Proficient in business analysis and process optimization.
• Ability to develop and implement risk management strategies.
• Excellent communication and stakeholder management skills.
• Experience with GRC tools and software solutions.
• Strong analytical and problem-solving skills.
• Ability to conduct training and awareness programs.

Salary (Rate): undetermined

City: Manchester Area

Country: United Kingdom

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: Other