Security Analyst - GRC/Audit

Posted 3 days ago by Fruition Group

Negotiable
Outside
Remote
England, UK

Summary: The role of Contract Security Analyst - GRC/Audit involves supporting a comprehensive review of security controls across critical business systems and applications, with a focus on aligning with NIST CSF v2.0. The candidate will conduct audits, assess the effectiveness of security measures, and identify risks associated with control gaps. This position requires a strong audit mindset and the ability to document findings and work with stakeholders on remediation plans. The role is remote and classified as outside IR35.

Key Responsibilities:

  • Conducting audit-style assessments across SaaS platforms, bespoke applications, infrastructure, and cloud environments
  • Evaluating current controls against updated policies and frameworks (NIST CSF v2.0)
  • Performing gap analysis to assess how fit for purpose current controls are
  • Identifying control gaps, legacy issues, and areas of non-compliance, and documenting findings in structured, actionable reports
  • Working with stakeholders to define and track mitigation and remediation plans
  • Applying professional scepticism to uncover blind spots and validate that controls are genuinely in place and effective

Key Skills:

  • Proven experience in security auditing, GRC, or control assurance roles
  • Strong knowledge of security control frameworks (e.g. NIST CSF, ISO 27001, CIS)
  • Comfortable performing control testing, evidence gathering, and reporting against compliance requirements
  • Broad technical understanding across cloud (especially AWS), infrastructure, and applications
  • Excellent stakeholder management and communication skills
  • Exposure to tools like Splunk, CrowdStrike, MITRE ATT&CK, Kubernetes (nice to have)

Salary (Rate): undetermined

City: undetermined

Country: UK

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Contract Security Analyst - GRC/Audit

6 months | Remote (UK) | Outside IR35

We're looking for an experienced Security Analyst with an audit-first mindset to support a group-wide review of security controls across business-critical systems, infrastructure, and applications. This work forms part of a broader programme to align with NIST CSF v2.0.

You'll be reviewing the design and effectiveness of security controls, conducting evidence-based assessments, and identifying risks where controls are missing or ineffective.
