GRC Analyst
Role details
Job location
Tech stack
Job description
The Analyst will provide practical support to the VP of GRC in operating and continuously improving AutoRek's GRC control framework. This includes assisting with risk assessments, control testing against ISO and SOC standards, issue and action tracking, incident trend analysis, key risk indicator monitoring, governance reporting and assurance activity across technology change, cloud-hosted services, supplier dependencies and operational environments.
This is an excellent development opportunity for risk professional or technology-focused analyst who wants to build specialist expertise in technology risk or GRC supporting financial services clients. The role will provide direct exposure to GRC oversight, governance forums, control assurance, client due diligence, operational resilience, third-party technology risk, automation and emerging technologies such as artificial intelligence.
Requirements
We are looking for a proactive, curious and analytical individual who is keen to develop their expertise in technology risk management, governance and assurance within a regulated financial services and SaaS environment. The successful candidate will be comfortable working with data, asking questions, engaging with stakeholders and translating risk information into clear, actionable insight for review by the VP of GRC and wider management.
- Experience in a risk, audit, technology, cyber security, data, controls, SaaS, financial services or related role, with an interest in developing a career in technology risk management.
- A good understanding of technology risk, operational risk, internal controls, governance frameworks or the risk expectations of regulated financial services clients, with a willingness to learn and develop specialist knowledge.
- Interest in technology, cyber security, data governance, cloud services, IT outsourcing, operational resilience, automation and emerging technologies such as AI.
- Strong analytical skills, attention to detail and ability to interpret risk, control, incident and assurance data.
- Clear written and verbal communication skills, with the ability to summarise information for technical, non-technical, governance and client assurance audiences.
- Good organisational skills, with the ability to manage priorities, track actions and follow through on deliverables in a control-focused environment.
- Collaborative working style, with confidence engaging stakeholders across Technology, Risk, Audit, Client Success and business teams.
- Proficiency in Microsoft Office, particularly Excel, PowerPoint and Word, with an interest in improving reporting through data and automation.
Desirable experience
- Awareness of recognised risk, technology or security frameworks such as ISO 27001, NIST, COBIT, SOC 2 or similar.
- Exposure to GRC, service management, supplier risk or client assurance tools such as ServiceNow, Prevalent or similar platforms.
- Degree, apprenticeship, placement or equivalent experience in information technology, business, risk management, cyber security, data, audit, financial services or a related discipline.
- Awareness of UK/EU regulatory expectations relevant to technology, outsourcing, operational resilience, data protection or information security in financial services (GDPR, DORA, Op Res)
- Interest in using data, automation or AI tools to improve reporting, monitoring, evidence management or process efficiency.