Summary: The GRC Lead & Business Analyst is tasked with overseeing the Governance, Risk, and Compliance (GRC) framework while performing business analysis to improve risk management and regulatory compliance. This role requires collaboration with various departments to enforce policies and implement best practices. Key activities include risk assessments, compliance audits, and process optimization to enhance operational efficiency. The position demands a strategic approach to align GRC initiatives with business objectives.

Key Responsibilities:

• Develop, implement, and maintain GRC policies, frameworks, and procedures aligned with industry standards and regulatory requirements.
• Conduct workshops to gather requirements for risk assessments and security reviews, ensuring risk mitigation strategies are in place.
• Maintain a risk register and track risk management initiatives.
• Lead third-party/vendor risk assessments requirement gathering, ensuring supplier security and compliance.
• Collaborate with leadership to align GRC practices with business objectives.
• Manage compliance audits and coordinate with internal/external auditors.
• Conduct compliance monitoring and provide periodic reports on adherence to policies.
• Develop and implement assurance programs to validate control effectiveness.
• Gather and analyze business requirements for GRC initiatives, ensuring alignment with security, risk, and compliance goals.
• Identify gaps in current GRC processes and recommend process improvements.
• Collaborate with IT and security teams to implement automation for risk and compliance tracking.
• Plan, coordinate, and lead internal and external compliance audits.
• Document and track compliance findings, ensuring timely remediation.
• Prepare compliance reports, risk scorecards, and assurance documentation for senior management.
• Serve as a liaison between business units, IT, legal, and compliance teams.
• Conduct compliance and security awareness training for employees.
• Communicate risk and compliance updates to senior leadership.

Key Skills:

• Strong knowledge of Governance, Risk, and Compliance frameworks and standards (ISO 27001, NIST, SOC 2, GDPR, HIPAA, PCI DSS).
• Experience in conducting risk assessments and compliance audits.
• Proficiency in business analysis and process optimization.
• Ability to develop and implement GRC policies and procedures.
• Strong communication and stakeholder management skills.
• Experience with compliance monitoring and reporting.
• Familiarity with GRC tools and software solutions.
• Ability to conduct training and awareness programs.

Salary (Rate): undetermined

City: Manchester Area

Country: United Kingdom

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: Other