Period
to 19 April 2021

The following table provides summary statistics for permanent job vacancies with a requirement for GRC skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited GRC over the 6 months to 19 April 2021 with a comparison to the same period in the previous 2 years.

Governance, Risk Management and Compliance (GRC)
UK
6 months to
19 Apr 2021
Same period 2020 Same period 2019
Rank 586 680 738
Rank change year-on-year +94 +58 +43
Permanent jobs citing GRC 282 287 386
As % of all permanent jobs advertised in the UK 0.33% 0.26% 0.26%
As % of the Quality Assurance & Compliance category 2.73% 2.11% 1.84%
Number of salaries quoted 209 211 260
10th Percentile £43,000 £38,750 £42,500
25th Percentile £52,500 £43,750 £51,250
Median annual salary (50th Percentile) £65,000 £60,000 £65,000
Median % change year-on-year +8.33% -7.69% -
75th Percentile £80,000 £80,000 £81,563
90th Percentile £95,000 £88,750 £95,000
UK excluding London median annual salary £57,500 £55,000 £60,000
% change year-on-year +4.55% -8.33% -4.00%

GRC is in the Quality Assurance and Compliance category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for quality assurance or compliance skills.

All Quality Assurance and Compliance Skills
UK
Permanent vacancies with a requirement for quality assurance or compliance skills 10,334 13,625 20,958
As % of all permanent IT jobs advertised in the UK 12.27% 12.38% 14.12%
Number of salaries quoted 7,215 10,585 15,394
10th Percentile £31,250 £28,750 £27,625
25th Percentile £40,977 £37,500 £37,500
Median annual salary (50th Percentile) £52,500 £52,500 £50,000
Median % change year-on-year - +5.00% -
75th Percentile £70,000 £70,000 £67,500
90th Percentile £85,000 £85,000 £82,500
UK excluding London median annual salary £47,500 £45,000 £45,000
% change year-on-year +5.56% - -

GRC
Job Vacancy Trend

Job postings citing GRC as a proportion of all IT jobs advertised.

Job vacancy trend for GRC in the UK

GRC
Salary Trend

3-month moving average salary quoted in jobs citing GRC.

Salary trend for GRC in the UK

GRC
Salary Histogram

Salary distribution for jobs citing GRC over the 6 months to 19 April 2021.

Salary histogram for GRC in the UK

GRC
Top 14 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing GRC within the UK over the 6 months to 19 April 2021. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +118 250 £65,000 +8.33% 22
London +98 125 £70,000 - 14
UK excluding London +95 122 £57,500 +4.55% 8
Work from Home -110 46 £75,000 +15.38% 2
South East +67 42 £56,250 -6.25% 3
Midlands +28 33 £49,250 -6.19% 1
West Midlands +16 31 £48,000 +1.05% 1
North of England +34 22 £60,000 +14.29% 2
East of England +54 18 £75,000 +5.26% 1
Yorkshire +12 11 £58,750 +46.88%
North West +28 9 £60,000 +9.09% 1
South West +16 4 £70,000 +100.00% 1
Wales +26 3 £47,500 +11.76%
North East - 2 £80,000 - 1

For the 6 months to 19 April 2021, IT jobs citing GRC also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for GRC.

1 170 (60.28%) Information Security
2 119 (42.20%) Cybersecurity
3 105 (37.23%) ISO/IEC 27001
4 89 (31.56%) Risk Management
5 72 (25.53%) CISSP
6 64 (22.70%) Azure
7 63 (22.34%) Finance
7 63 (22.34%) Management Information System
8 55 (19.50%) Agile Software Development
9 54 (19.15%) SaaS
9 54 (19.15%) GDPR
10 53 (18.79%) PCI DSS
11 50 (17.73%) ITIL
12 49 (17.38%) CISM
12 49 (17.38%) Degree
13 47 (16.67%) Security Operations
14 45 (15.96%) NIST
14 45 (15.96%) .NET
15 41 (14.54%) CISA
16 39 (13.83%) DevOps
17 34 (12.06%) Stakeholder Management
17 34 (12.06%) ISMS
18 33 (11.70%) Security Architecture
19 31 (10.99%) ServiceNow
19 31 (10.99%) Security Management
20 30 (10.64%) C#
21 28 (9.93%) COBIT
21 28 (9.93%) Public Sector
22 27 (9.57%) Continuous Improvement
23 26 (9.22%) SIEM

GRC
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 9 (3.19%) IIS
1 9 (3.19%) SharePoint
2 5 (1.77%) OpenStack
3 4 (1.42%) Apache Airflow
3 4 (1.42%) Gunicorn
4 2 (0.71%) Confluence
5 1 (0.35%) Elasticsearch
5 1 (0.35%) MS Exchange
Applications
1 19 (6.74%) Microsoft Excel
2 16 (5.67%) MS Visio
3 14 (4.96%) Microsoft PowerPoint
4 1 (0.35%) Microsoft Project
Business Applications
1 7 (2.48%) SAP CRM
2 5 (1.77%) SAP GRC
2 5 (1.77%) Sparx Enterprise Architect
3 2 (0.71%) NetSuite
3 2 (0.71%) SAP BPC
3 2 (0.71%) SAP CO
3 2 (0.71%) SAP FI
3 2 (0.71%) SAP FI/CO
4 1 (0.35%) Elite 3E
4 1 (0.35%) Remedy ITSM
4 1 (0.35%) Salesforce.com CRM
Cloud Services
1 64 (22.70%) Azure
2 54 (19.15%) SaaS
3 23 (8.16%) AWS
4 21 (7.45%) Cloud Computing
5 18 (6.38%) Microsoft 365
6 13 (4.61%) GCP
7 12 (4.26%) IaaS
7 12 (4.26%) PaaS
8 9 (3.19%) BPaaS
9 7 (2.48%) Power Platform
10 4 (1.42%) IBM Cloud
11 2 (0.71%) Dynamics 365
12 1 (0.35%) Azure Stack
12 1 (0.35%) Salesforce Service Cloud
Communications & Networking
1 19 (6.74%) Firewall
2 13 (4.61%) Internet
3 9 (3.19%) WAAS
4 7 (2.48%) SSL
4 7 (2.48%) VPN
5 6 (2.13%) TCP/IP
6 5 (1.77%) Unified Communications
7 3 (1.06%) BGP
7 3 (1.06%) Cisco ASA
7 3 (1.06%) Cisco Nexus
7 3 (1.06%) DNS
7 3 (1.06%) F5 BIG-IP GTM
7 3 (1.06%) F5 BIG-IP LTM
7 3 (1.06%) IPsec
7 3 (1.06%) IPv4
7 3 (1.06%) IPv6
7 3 (1.06%) MPLS
7 3 (1.06%) Network Security
7 3 (1.06%) OSPF
7 3 (1.06%) Reverse Proxy
Database & Business Intelligence
1 26 (9.22%) SQL Server
2 12 (4.26%) Big Data
3 11 (3.90%) Data Warehouse
4 7 (2.48%) Power BI
4 7 (2.48%) Tableau
5 5 (1.77%) Data Mining
6 2 (0.71%) Relational Database
6 2 (0.71%) SAP BW
7 1 (0.35%) PostgreSQL
Development Applications
1 13 (4.61%) Git (software)
2 4 (1.42%) JIRA
3 1 (0.35%) Bitbucket
General
1 63 (22.34%) Finance
2 28 (9.93%) Public Sector
3 17 (6.03%) Legal
4 15 (5.32%) Banking
5 8 (2.84%) Law
6 6 (2.13%) Manufacturing
7 3 (1.06%) Retail
7 3 (1.06%) Russian Language
8 2 (0.71%) Investment Banking
8 2 (0.71%) Retail Banking
9 1 (0.35%) Aerospace
9 1 (0.35%) Marketing
Job Titles
1 47 (16.67%) Consultant
2 42 (14.89%) Analyst
3 35 (12.41%) Security Analyst
3 35 (12.41%) Security Consultant
4 34 (12.06%) Developer
5 29 (10.28%) Security Specialist
6 22 (7.80%) Security Manager
7 20 (7.09%) Information Analyst
7 20 (7.09%) Information Officer
7 20 (7.09%) Information Security Analyst
7 20 (7.09%) Information Security Officer
7 20 (7.09%) Security Officer
8 16 (5.67%) Information Security Specialist
8 16 (5.67%) Information Specialist
9 15 (5.32%) Information Security Consultant
10 14 (4.96%) Senior Developer
11 13 (4.61%) Head of Security
11 13 (4.61%) Software Developer
12 12 (4.26%) Head of Information
12 12 (4.26%) Head of Information Security
Libraries, Frameworks & Software Standards
1 45 (15.96%) .NET
2 17 (6.03%) .NET Framework
3 16 (5.67%) REST
4 14 (4.96%) AngularJS
5 13 (4.61%) jQuery
6 11 (3.90%) Middleware
7 6 (2.13%) .NET Core
7 6 (2.13%) SOAP
7 6 (2.13%) Web Services
8 5 (1.77%) Apache Thrift
8 5 (1.77%) HTML
8 5 (1.77%) Velocity
8 5 (1.77%) WSDL
8 5 (1.77%) XML
9 4 (1.42%) Kafka
9 4 (1.42%) LDAP
9 4 (1.42%) NumPy
9 4 (1.42%) Pandas
9 4 (1.42%) pytest
10 1 (0.35%) Twitter Bootstrap
Miscellaneous
1 63 (22.34%) Management Information System
2 18 (6.38%) Cyberthreat
2 18 (6.38%) Mobile App
3 14 (4.96%) Enterprise Software
4 13 (4.61%) Analytical Skills
5 9 (3.19%) Public Cloud
6 8 (2.84%) User Experience
7 6 (2.13%) Greenfield Project
7 6 (2.13%) Security Operations Centre
8 5 (1.77%) Algorithms
8 5 (1.77%) Data Structures
8 5 (1.77%) Enterprise Storage
8 5 (1.77%) Internet of Things
8 5 (1.77%) IVR
8 5 (1.77%) N-Tier
8 5 (1.77%) SCADA
9 4 (1.42%) Data Protection Act
9 4 (1.42%) Self-Motivation
10 3 (1.06%) Cybercrime
10 3 (1.06%) Data Centre
Operating Systems
1 22 (7.80%) Windows
2 16 (5.67%) Linux
3 9 (3.19%) Windows Server
4 5 (1.77%) Unix
Processes & Methodologies
1 170 (60.28%) Information Security
2 119 (42.20%) Cybersecurity
3 89 (31.56%) Risk Management
4 55 (19.50%) Agile Software Development
5 50 (17.73%) ITIL
6 47 (16.67%) Security Operations
7 39 (13.83%) DevOps
8 34 (12.06%) ISMS
8 34 (12.06%) Stakeholder Management
9 33 (11.70%) Security Architecture
10 31 (10.99%) Security Management
11 27 (9.57%) Continuous Improvement
12 26 (9.22%) SIEM
13 25 (8.87%) Analytics
13 25 (8.87%) Identity Access Management
14 24 (8.51%) Data Privacy
14 24 (8.51%) Data Protection
14 24 (8.51%) Risk Assessment
15 23 (8.16%) Incident Management
15 23 (8.16%) Vulnerability Management
Programming Languages
1 30 (10.64%) C#
2 26 (9.22%) SQL
3 24 (8.51%) JavaScript
4 17 (6.03%) Java
5 11 (3.90%) Python
6 9 (3.19%) C
6 9 (3.19%) PHP
7 5 (1.77%) Kotlin
7 5 (1.77%) VBA
8 3 (1.06%) PowerShell
8 3 (1.06%) VB.NET
8 3 (1.06%) VBScript
Qualifications
1 72 (25.53%) CISSP
2 49 (17.38%) CISM
2 49 (17.38%) Degree
3 41 (14.54%) CISA
4 19 (6.74%) Security Cleared
5 18 (6.38%) ISO 27001 Lead Auditor
6 17 (6.03%) CRISC
7 8 (2.84%) SC Cleared
8 6 (2.13%) Cisco Certification
8 6 (2.13%) Computer Science Degree
8 6 (2.13%) ISACA
8 6 (2.13%) ITIL Certification
9 5 (1.77%) DV Cleared
10 4 (1.42%) ISO 27001 Lead Implementer
11 3 (1.06%) (ISC)2 CCSP
11 3 (1.06%) CCIE Service Provider
11 3 (1.06%) CISMP
11 3 (1.06%) JNCIP
11 3 (1.06%) MCSE
11 3 (1.06%) Microsoft Certification
Quality Assurance & Compliance
1 105 (37.23%) ISO/IEC 27001
2 54 (19.15%) GDPR
3 53 (18.79%) PCI DSS
4 45 (15.96%) NIST
5 28 (9.93%) COBIT
6 24 (8.51%) Cyber Essentials
7 19 (6.74%) QA
8 13 (4.61%) Sarbanes-Oxley
9 11 (3.90%) Cyber Essentials PLUS
10 9 (3.19%) 21 CFR Part 11
10 9 (3.19%) HIPAA
10 9 (3.19%) ITGC
11 8 (2.84%) ISO 22301
12 7 (2.48%) SOC 2
13 5 (1.77%) COSO
13 5 (1.77%) ISO 9001
13 5 (1.77%) ISO/IEC 20000
13 5 (1.77%) NIST 800
14 3 (1.06%) NCSC
14 3 (1.06%) SLA
System Software
1 21 (7.45%) Docker
2 13 (4.61%) Active Directory
3 5 (1.77%) VMware Infrastructure
4 3 (1.06%) Firmware
Systems Management
1 18 (6.38%) Kubernetes
2 5 (1.77%) RSA Archer
3 4 (1.42%) Opscode Chef
3 4 (1.42%) Puppet
4 3 (1.06%) Single Sign-On
5 1 (0.35%) Oracle Identity Management
5 1 (0.35%) Oracle Identity Manager
Vendors
1 31 (10.99%) ServiceNow
2 18 (6.38%) Microsoft
3 12 (4.26%) Google
3 12 (4.26%) SAP
4 7 (2.48%) Salesforce.com
5 6 (2.13%) VMware
6 5 (1.77%) BiZZdesign
6 5 (1.77%) Citrix
6 5 (1.77%) Genesys
6 5 (1.77%) Oracle
6 5 (1.77%) Pega
6 5 (1.77%) Sparx
7 4 (1.42%) BMC
7 4 (1.42%) Cisco
7 4 (1.42%) HP
7 4 (1.42%) IBM
7 4 (1.42%) Ivanti
8 3 (1.06%) Broadcom
8 3 (1.06%) F5
8 3 (1.06%) Mellanox