Junior GRC Business Analyst

Computappoint Limited
Charing Cross, United Kingdom
7 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Junior
Compensation
£ 65K

Job location

Charing Cross, United Kingdom

Tech stack

Computer Security
Service-Oriented Architecture
Information Security Management System

Job description

The Role

As Governance, Risk and Compliance Business Analyst, you will:

  • Support and maintain the organisation's ISMS in alignment with ISO 27001 controls and clauses
  • Assist in risk treatment planning, track remediation efforts, and contribute to continuous improvement
  • Maintain and review the Statement of Applicability (SoA), ensuring effective implementation of controls
  • Provide valuable input for management reviews and drive ISMS improvement actions
  • Conduct regular risk assessments and reviews across systems, vendors, and business processes
  • Identify, evaluate, and prioritise information security and operational risks
  • Maintain and update the risk register, including clear ownership, mitigation strategies, and timelines
  • Collaborate with control owners to assess residual risk and document risk decisions
  • Communicate risks to stakeholders with clear, actionable recommendations and business context
  • Work closely with IT, legal, and compliance teams to enable secure and compliant business operations

Requirements

  • 2-3 years' relevant experience in business analysis and governance, risk, compliance, or information security
  • Practical understanding of ISO 27001 frameworks, risk assessment methodologies, and ISMS maintenance
  • Experience maintaining risk registers, tracking remediation, and supporting risk treatment plans
  • Strong analytical skills with the ability to evaluate risks, prioritise issues, and provide clear recommendations
  • Excellent communication skills to engage stakeholders and present risks in a business-friendly way
  • Collaborative mindset and comfort working across teams (IT, legal, compliance)
  • Prior exposure to professional services, financial services, or regulated environments is advantageous
  • Motivated self-starter eager to develop expertise in GRC and information security
