GRC Analyst

Information & Communication Technology

Job Description

Role: Governance, Risk & Compliance (GRC) Analyst

Employment Type: Permanent, Full Time

Department: Security / IT

Reporting to: Governance, Risk & Compliance Manager



About the Role

We are seeking a Governance, Risk & Compliance (GRC) Analyst to support the operation, maintenance, and continuous improvement of IT governance, risk, and compliance frameworks. Working closely with the GRC Manager and Senior GRC Analyst, this role plays a key part in ensuring compliance with regulatory requirements, supporting audit activities, and strengthening risk management practices across the organisation.

This is an excellent opportunity for a GRC professional looking to deepen their experience in a structured, regulated environment while contributing to meaningful uplift in security and compliance maturity.


Key Responsibilities

Governance, Risk & Compliance

  • Support the development, maintenance, and review of IT governance policies, standards, and procedures.
  • Maintain and update GRC registers, including risk, exception, vendor, and obligations registers.
  • Contribute to the ongoing maintenance and improvement of the Information Security Management System (ISMS).
  • Assist with privacy impact assessments and vendor risk assessments.

Risk Management & Assurance

  • Conduct and support risk assessments for new and existing systems, projects, and changes.
  • Identify compliance gaps and control weaknesses, and contribute to remediation recommendations.
  • Follow up and track corrective actions arising from audits and assessments to closure.

Audit & Compliance

  • Prepare and maintain compliance documentation, audit artefacts, and evidence packs.
  • Support internal and external audits and assurance activities (e.g. ISO 27001).
  • Ensure accuracy, integrity, and traceability of risk and compliance data.

Stakeholder Engagement

  • Build effective working relationships across IT and business units to support evidence collection and policy adherence.
  • Provide clear and timely communication regarding compliance requirements and audit actions.
  • Assist with vendor reviews and engagement with auditors and external assurance providers.

Continuous Improvement

  • Contribute to team initiatives that uplift capability, improve documentation, and streamline processes.
  • Maintain current knowledge of GRC frameworks, legislation, and best-practice security controls.

Skills & Experience

Essential

  • 2+ years’ experience in Governance, Risk & Compliance or Information Security.
  • Experience supporting audits, risk assessments, or compliance control activities.
  • Working knowledge of frameworks such as ISO 27001, NIST CSF, ISM, COBIT, and ISO 31000.
  • Understanding of privacy legislation and the Notifiable Data Breaches (NDB) Scheme.
  • Strong documentation skills and attention to detail.
  • Proficiency with Microsoft Office and collaboration tools (e.g. Confluence, Asana).

Desirable

  • Experience in healthcare, finance, or another regulated industry.
  • Exposure to security and monitoring tools (e.g. Splunk, Tenable, Darktrace).
  • Experience with ITSM platforms such as ServiceNow or Remedy.

Qualifications

Desirable

  • Bachelor’s degree in IT, Computer Science, or a related field.
  • Working towards or holding certifications such as ISO 27001 Auditor, CISA, CRISC, CGEIT, or IRAP Readiness.




Please apply with a current resume in Microsoft Word format only (.doc or .docx). If you would like to have a confidential discussion, please contact Alex Coroneo at alex.coroneo@davidsonwp.com, quoting the GRC Analyst role as the reference. Want to know more about Davidson? Visit us at www.davidsonwp.com


Work type:  Full Time

Date posted:  06-Feb-2026

Location:  Brisbane - Queensland

Reference:  JN -022026-42394
