GRC Analyst
Role details
Job description
Please Note

To be considered for this role, applicants must:

- Hold a relevant university degree in Cyber Security, Information Security, Computer Science, Information Systems, Technology, Risk Management or a related field
- Have experience working within a SaaS software company
- Have experience operating within Microsoft 365, Azure and Entra ID environments
- Have hands-on experience with compliance automation platforms such as Vanta, Drata, Secureframe, Sprinto or similar

About the Company

We're partnering with a rapidly growing B2B SaaS company whose platform is deeply integrated with Microsoft 365 and Microsoft Teams. The business works with enterprise and mid-market organisations globally, including customers operating in highly regulated sectors. As customer requirements continue to evolve, security, compliance and trust have become increasingly important drivers of both customer acquisition and retention.

The company has invested heavily in building a mature security and compliance function and already maintains certifications including SOC 2 Type 2 and ISO 27001. Given the nature of the product and customer environment, Microsoft technologies sit at the core of the business, making experience within Microsoft 365, Azure and Entra ID environments particularly important for this position.

With continued international growth and increasing enterprise adoption, they are now looking to strengthen their Governance, Risk & Compliance capability through the addition of a GRC Specialist.

The Role

This is a hands-on Governance, Risk & Compliance role operating at the intersection of compliance, security and customer trust. You'll be responsible for the day-to-day operation of the company's compliance programmes, helping maintain certifications, support customer security requirements and ensure compliance processes continue to scale alongside the business.

Working closely with leadership, engineering, legal and external auditors, you'll play an important role in maintaining the company's security and compliance posture while helping support enterprise customer relationships and commercial growth.

Given the company's Microsoft-centric technology environment, you'll regularly work alongside teams responsible for Microsoft 365, Azure and Entra ID, helping ensure compliance controls, governance processes and security requirements align with both internal standards and customer expectations.

The role combines framework management, audit coordination, customer-facing security engagement and ongoing compliance operations within a fast-growing SaaS environment.

Responsibilities

- Operate and maintain ongoing SOC 2 Type 2 and ISO 27001 compliance programmes
- Coordinate audit cycles and work closely with external auditors
- Manage evidence collection, remediation tracking and control monitoring
- Operate and maintain compliance tooling such as Vanta
- Support enterprise sales processes through security questionnaires and customer due diligence
- Participate in customer security and compliance review calls
- Review and support DPAs, NDAs and security-related contractual terms
- Maintain and evolve the company's Trust Center and public-facing compliance documentation
- Work closely with engineering, product and leadership teams on security and compliance initiatives across Microsoft 365, Azure and Entra ID environments
- Support future framework expansion across additional compliance standards
- Support enterprise customer procurement and vendor risk assessment processes
- Own customer-facing trust and compliance documentation
Requirements
What We're Looking For

- Relevant university degree in Cyber Security, Information Security, Computer Science, Information Systems, Technology, Risk Management or a related field
- Experience working within a B2B SaaS or cloud software environment
- Experience supporting and operating SOC 2 Type 2 and ISO 27001 programmes
- Hands-on experience with compliance automation platforms such as Vanta, Drata, Secureframe, Sprinto or similar
- Experience operating within Microsoft 365, Azure and Entra ID environments
- Understanding of Microsoft identity, access management and security controls
- Experience supporting enterprise sales teams through security questionnaires, customer audits and due diligence exercises
- Strong understanding of cloud infrastructure, identity management and modern SaaS environments
- Practical knowledge of GDPR and privacy requirements
- Strong organisational skills with the ability to manage multiple compliance workstreams simultaneously
- Excellent communication skills and the ability to engage confidently with both technical and non-technical stakeholders
- Comfortable working independently within a scaling business environment

Nice to Have

- Experience supporting Microsoft-focused SaaS products or platforms
- Experience with ISO 42001 (AI Governance)
- Experience supporting FedRAMP, NIST, HIPAA or TISAX initiatives
- Certifications such as CISA, CISM, CRISC, CIPP/E or ISO 27001 Lead Auditor
- Experience working within scale-up or high-growth technology businesses