Negotiable
Undetermined
Hybrid
London Area, United Kingdom
Summary: The role of Technology Governance, Risk and Compliance Business Analyst at Broadgate involves consulting for client projects with a focus on information security management systems, particularly in alignment with ISO 27001 standards. The position requires a hybrid working arrangement, necessitating attendance at the London office and potential travel. Key responsibilities include conducting risk assessments, maintaining the ISMS, and collaborating with various teams to ensure secure business operations.
Key Responsibilities:
- Support and maintain the organisation’s ISMS in line with ISO 27001 controls and clauses
- Assist in risk treatment planning and tracking remediation efforts
- Maintain and review the Statement of Applicability (SoA) and ensure controls are effectively implemented
- Provide input for management reviews and improvement actions for the ISMS
- Conduct regular risk assessments and risk reviews across systems, vendors, and business processes
- Identify, evaluate, and prioritise information security and operational risks
- Track and maintain the risk register with clear risk ownership, mitigation strategies, and timelines
- Work with control owners to assess residual risk and document decisions effectively
- Communicate risks to stakeholders with actionable recommendations and business context
- Collaborate with IT, legal, and compliance teams to support secure business operations
Key Skills:
- Strong understanding of ISO/IEC 27001:2022 standard and Information Security Management Systems (ISMS)
- Proven experience conducting risk assessments in alignment with ISO 27001 and related frameworks (e.g., NIST, CIS)
- Experience with risk management methodologies (e.g., qualitative/quantitative analysis, risk matrices)
- Hands-on experience using GRC tools (e.g., Archer, RiskWatch, ServiceNow GRC, OneTrust)
Salary (Rate): undetermined
City: London
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Company Description:
At Broadgate, we are dedicated to helping organizations accelerate technology change to enable growth and deliver operational efficiencies. We add value to our clients by lowering costs, optimizing performance, and increasing profitability. Our services include Strategic Advice, Operating Models, Cyber Security, Sourcing and Contract Management, and Change Management.
Role:
We require a consultant for client projects. The role is hybrid, with the candidate being available to attend the London office and also travel (such as to the North East).
Core Competencies & Experience:
- Strong understanding of ISO/IEC 27001:2022 standard and Information Security Management Systems (ISMS)
- Proven experience conducting risk assessments in alignment with ISO 27001 and related frameworks (e.g., NIST, CIS)
- Experience with risk management methodologies (e.g., qualitative/quantitative analysis, risk matrices)
- Hands-on experience using GRC tools (e.g., Archer, RiskWatch, ServiceNow GRC, OneTrust)
ISO 27001 Responsibilities:
- Support and maintain the organisation’s ISMS in line with ISO 27001 controls and clauses
- Assist in risk treatment planning and tracking remediation efforts
- Maintain and review the Statement of Applicability (SoA) and ensure controls are effectively implemented
- Provide input for management reviews and improvement actions for the ISMS
Day-to-Day Risk Management:
- Conduct regular risk assessments and risk reviews across systems, vendors, and business processes
- Identify, evaluate, and prioritise information security and operational risks
- Track and maintain the risk register with clear risk ownership, mitigation strategies, and timelines
- Work with control owners to assess residual risk and document decisions effectively
- Communicate risks to stakeholders with actionable recommendations and business context
- Collaborate with IT, legal, and compliance teams to support secure business operations