Governance, Risk Management and Compliance (GRC)
UK

The following table provides summary statistics for permanent job vacancies with a requirement for GRC skills. Included is a benchmarking guide to the salaries offered in vacancies that have cited GRC over the 6 months to 7 December 2023 with a comparison to the same period in the previous 2 years.

6 months to
7 Dec 2023
Same period 2022 Same period 2021
Rank 428 661 724
Rank change year-on-year +233 +63 -100
Permanent jobs citing GRC 327 445 376
As % of all permanent jobs advertised in the UK 0.62% 0.36% 0.29%
As % of the Quality Assurance & Compliance category 4.18% 2.04% 1.88%
Number of salaries quoted 206 366 232
10th Percentile £51,875 £42,000 £47,500
25th Percentile £57,500 £52,500 £55,000
Median annual salary (50th Percentile) £70,576 £70,000 £70,000
Median % change year-on-year +0.82% - +12.00%
75th Percentile £85,000 £81,250 £83,125
90th Percentile £88,000 £90,375 £97,250
UK excluding London median annual salary £70,000 £57,500 £65,000
% change year-on-year +21.74% -11.54% +18.18%

All Quality Assurance and Compliance Skills
UK

GRC is in the Quality Assurance and Compliance category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for quality assurance or compliance skills.

Permanent vacancies with a requirement for quality assurance or compliance skills 7,820 21,854 20,028
As % of all permanent jobs advertised in the UK 14.76% 17.79% 15.63%
Number of salaries quoted 5,740 11,810 12,651
10th Percentile £31,250 £31,250 £31,000
25th Percentile £42,793 £42,500 £40,428
Median annual salary (50th Percentile) £60,000 £57,500 £55,000
Median % change year-on-year +4.35% +4.55% +2.37%
75th Percentile £77,500 £76,250 £72,500
90th Percentile £95,000 £95,000 £90,000
UK excluding London median annual salary £52,500 £50,000 £47,500
% change year-on-year +5.00% +5.26% -3.06%

GRC
Job Vacancy Trend

Job postings citing GRC as a proportion of all IT jobs advertised.

Job vacancy trend for GRC in the UK

GRC
Salary Trend

3-month moving average salary quoted in jobs citing GRC.

Salary trend for GRC in the UK

GRC
Salary Histogram

Salary distribution for jobs citing GRC over the 6 months to 7 December 2023.

Salary histogram for GRC in the UK

GRC
Top 17 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing GRC within the UK over the 6 months to 7 December 2023. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Jobs
England +209 275 £70,576 +0.82% 102
UK excluding London +184 177 £70,000 +21.74% 45
Work from Home +175 164 £70,000 +12.00% 53
London +224 119 £80,000 +9.11% 62
North of England +121 61 £69,250 +25.91% 14
Yorkshire +109 40 £68,500 +19.13% 6
South West +80 27 £70,576 +0.82% 8
South East +84 26 £65,000 +18.18% 8
Midlands +109 24 £75,000 +15.38% 11
Scotland - 20 £70,576 -
North West +89 19 £65,000 +18.18% 7
West Midlands +113 17 £75,000 +15.38% 10
East of England +122 9 £59,250 -1.25% 4
East Midlands +44 7 - - 1
Wales - 6 £40,532 - 3
Northern Ireland - 5 - -
North East +45 2 £81,138 - 1

GRC
Co-occurring Skills and Capabilities by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same employment type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 4 (1.22%) SharePoint
2 1 (0.31%) MS Exchange
Applications
1 14 (4.28%) Microsoft Excel
2 8 (2.45%) Microsoft Office
3 6 (1.83%) MS Visio
4 4 (1.22%) Microsoft Project
5 3 (0.92%) Microsoft PowerPoint
Business Applications
1 12 (3.67%) SAP GRC
2 7 (2.14%) SAP S/4HANA
3 1 (0.31%) SAP ERP
Cloud Services
1 18 (5.50%) PaaS
2 11 (3.36%) Azure
2 11 (3.36%) Power Platform
3 7 (2.14%) Microsoft 365
4 3 (0.92%) AWS
4 3 (0.92%) SuccessFactors
5 2 (0.61%) SaaS
6 1 (0.31%) Azure DevOps
6 1 (0.31%) IaaS
6 1 (0.31%) Mimecast
6 1 (0.31%) Power Automate
Communications & Networking
1 16 (4.89%) Firewall
2 7 (2.14%) Network Security
3 2 (0.61%) DNS
3 2 (0.61%) HTTP
3 2 (0.61%) Intrusion Detection
3 2 (0.61%) SMTP
3 2 (0.61%) TCP/IP
4 1 (0.31%) 3G
4 1 (0.31%) 4G
4 1 (0.31%) 5G
4 1 (0.31%) Cisco ASA
4 1 (0.31%) Cisco IPT
4 1 (0.31%) Cisco ISE
4 1 (0.31%) DKIM
4 1 (0.31%) DMARC
4 1 (0.31%) Intranet
4 1 (0.31%) Wireshark
Database & Business Intelligence
1 11 (3.36%) Power BI
2 3 (0.92%) SAP BW
3 2 (0.61%) SAP HANA
4 1 (0.31%) Big Data
Development Applications
1 9 (2.75%) JIRA
2 2 (0.61%) Git
2 2 (0.61%) Jenkins
3 1 (0.31%) JUnit
3 1 (0.31%) Maven
3 1 (0.31%) Snyk
General
1 98 (29.97%) Analytical Skills
2 92 (28.13%) Finance
3 90 (27.52%) Social Skills
4 34 (10.40%) Retail
5 24 (7.34%) Banking
6 23 (7.03%) Public Sector
7 15 (4.59%) Presentation Skills
8 14 (4.28%) Legal
9 13 (3.98%) Law
10 12 (3.67%) Inclusion and Diversity
11 7 (2.14%) Influencing Skills
12 4 (1.22%) French Language
12 4 (1.22%) Spanish Language
13 3 (0.92%) Advertising
13 3 (0.92%) Organisational Skills
13 3 (0.92%) Public Speaking
13 3 (0.92%) Telecoms
14 2 (0.61%) Automotive
14 2 (0.61%) Marketing
14 2 (0.61%) Pharmaceutical
Job Titles
1 67 (20.49%) Analyst
2 62 (18.96%) Site Controller
3 51 (15.60%) Senior
4 50 (15.29%) Consultant
5 47 (14.37%) Security Analyst
6 39 (11.93%) Security Consultant
7 35 (10.70%) Risk Analyst
8 32 (9.79%) Security Manager
9 27 (8.26%) Information Analyst
9 27 (8.26%) Information Security Analyst
10 26 (7.95%) Architect
11 22 (6.73%) Security Architect
12 21 (6.42%) Solutions Architect
13 20 (6.12%) Cybersecurity Consultant
14 18 (5.50%) Compliance Analyst
14 18 (5.50%) Governance Analyst
14 18 (5.50%) Information Security Manager
14 18 (5.50%) Risk Manager
14 18 (5.50%) Senior Manager
15 17 (5.20%) Security Risk Analyst
Libraries, Frameworks & Software Standards
1 68 (20.80%) ModSecurity
2 17 (5.20%) OAuth
2 17 (5.20%) OpenID
3 2 (0.61%) CSS
3 2 (0.61%) LDAP
4 1 (0.31%) React
4 1 (0.31%) SailPoint
4 1 (0.31%) Spring
Miscellaneous
1 92 (28.13%) Management Information System
2 78 (23.85%) Greenfield Project
3 10 (3.06%) Cyberattack
3 10 (3.06%) e-Learning
3 10 (3.06%) Onboarding
4 8 (2.45%) Cyber Threat
4 8 (2.45%) Operational Technology
5 7 (2.14%) Product Ownership
5 7 (2.14%) Security Posture
6 5 (1.53%) Data Protection Act
7 4 (1.22%) NHS
7 4 (1.22%) PMI
8 3 (0.92%) SCADA
9 2 (0.61%) Analytical Mindset
9 2 (0.61%) Cyber Security Posture
9 2 (0.61%) Renewable Energy
10 1 (0.31%) Distributed Applications
10 1 (0.31%) Satnav
10 1 (0.31%) Security Operations Centre
10 1 (0.31%) Self-Motivation
Operating Systems
1 5 (1.53%) Linux
1 5 (1.53%) Windows
Processes & Methodologies
1 223 (68.20%) Information Security
2 190 (58.10%) Risk Management
3 150 (45.87%) Cybersecurity
4 109 (33.33%) ISMS
5 98 (29.97%) Security Management
6 92 (28.13%) Information Security Management
7 78 (23.85%) IT Strategy
8 74 (22.63%) Business Continuity
9 62 (18.96%) Analytical Thinking
10 61 (18.65%) Actionable Insight
10 61 (18.65%) Business Continuity Management
11 52 (15.90%) Roadmaps
12 43 (13.15%) Agile
13 36 (11.01%) Problem-Solving
14 32 (9.79%) Security Architecture
15 27 (8.26%) Stakeholder Management
16 26 (7.95%) Customer-Centricity
17 25 (7.65%) Data Protection
17 25 (7.65%) Information Security Governance
18 24 (7.34%) Stakeholder Engagement
Programming Languages
1 3 (0.92%) JavaScript
2 2 (0.61%) SQL
3 1 (0.31%) ABAP
3 1 (0.31%) Bash
3 1 (0.31%) Java
3 1 (0.31%) Python
3 1 (0.31%) TypeScript
Qualifications
1 139 (42.51%) CISSP
2 116 (35.47%) CISM
3 106 (32.42%) CISA
4 105 (32.11%) CRISC
5 102 (31.19%) Degree
6 100 (30.58%) Security Cleared
7 17 (5.20%) CISMP
8 16 (4.89%) SC Cleared
9 12 (3.67%) DV Cleared
10 11 (3.36%) BPSS Clearance
10 11 (3.36%) CESG Certified Professional
11 10 (3.06%) ISO 27001 Lead Auditor
12 9 (2.75%) ISACA
13 7 (2.14%) ISO 27001 Lead Implementer
14 5 (1.53%) CompTIA Security+
15 4 (1.22%) Azure Certification
15 4 (1.22%) PMI Certification
15 4 (1.22%) PMP
15 4 (1.22%) PRINCE2 Practitioner
16 3 (0.92%) Cisco Certification
Quality Assurance & Compliance
1 176 (53.82%) ISO/IEC 27001
2 154 (47.09%) NIST
3 63 (19.27%) ISO 22301
4 41 (12.54%) GDPR
5 24 (7.34%) NCSC
6 18 (5.50%) Cyber Essentials
7 16 (4.89%) COBIT
8 14 (4.28%) NIST 800
8 14 (4.28%) Sarbanes-Oxley
9 10 (3.06%) PMO
10 9 (2.75%) Cyber Essentials PLUS
10 9 (2.75%) HIPAA
10 9 (2.75%) PCI DSS
11 7 (2.14%) ITGC
11 7 (2.14%) JSP 440
12 5 (1.53%) QA
13 4 (1.22%) IASME
13 4 (1.22%) ISO 31000
13 4 (1.22%) SOC 2
14 3 (0.92%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
System Software
1 3 (0.92%) Active Directory
Systems Management
1 2 (0.61%) Single Sign-On
2 1 (0.31%) CASB
2 1 (0.31%) CSIRT
2 1 (0.31%) DatAdvantage
2 1 (0.31%) Microsoft Intune
2 1 (0.31%) Nmap
2 1 (0.31%) QRadar
2 1 (0.31%) RSA Archer
Vendors
1 61 (18.65%) CA
2 17 (5.20%) Microsoft
3 12 (3.67%) SAP
4 9 (2.75%) Cadence
5 8 (2.45%) ServiceNow
6 2 (0.61%) Ariba
6 2 (0.61%) Cisco
6 2 (0.61%) IBM
7 1 (0.31%) Checkmarx
7 1 (0.31%) Darktrace
7 1 (0.31%) OneTrust
7 1 (0.31%) Oracle
7 1 (0.31%) Palo Alto
7 1 (0.31%) Qualys
7 1 (0.31%) Varonis