Senior GRC Analyst

Cyber Security Governance, Risk & Compliance Analyst (12‐Month Contract) (Outside IR35)

Hybrid – London (1-2 trips per week max)

We are seeking an experienced Cyber Security Governance, Risk & Compliance Analyst to join a major Operator of Essential Services (OES) on an initial 12‐month contract. This role plays a key part in strengthening cyber resilience, supporting regulatory compliance activities, and ensuring alignment with the UK’s evolving cyber security standards.

About the Role

You will support a portfolio of cyber resilience and regulatory initiatives, focusing on:

  • Coordinating and delivering the Annual NIS Self‐Assessment and Improvement Report
  • Ensuring compliance with NIS Regulations, Ofgem expectations, and the Enhanced Cyber Assessment Framework (ECAF)
  • Enhancing and maturing the organisation’s Incident Response Framework
  • Designing and delivering scenario‐based incident response exercises for senior leadership
  • Conducting comprehensive reviews of the Cyber Risk Register
  • Supporting assurance activities across NIS, Ofgem, EU and UK regulatory requirements, and the Cyber Security Resilience Bill
  • Contributing to planning, coordination, and reporting across the Cyber Security Roadmap
  • Providing project and programme management support, including supplier management, RAID tracking and delivery governance
  • Supporting ongoing maintenance of the ISMS, including policies, procedures, governance, and assurance tasks

About You

We are looking for someone who has:

  • Strong experience delivering or supporting cyber security programmes, ideally in a regulated sector
  • Knowledge of NIS Regulations, CAF, and Ofgem cyber security expectations
  • Experience delivering incident response exercises and associated documentation
  • A solid understanding of cyber risk management and threat assessment
  • Strong communication and stakeholder engagement skills
  • The ability to manage multiple workstreams concurrently
  • Experience with UK/EU ISMS frameworks (ISO 27001 or similar), which is highly beneficial
  • A background in sectors such as utilities, energy, transport, or other regulated environments, which is advantageous

Working Pattern

  • Hybrid role based in London (1-2 trips per week)
  • Occasional travel expected (Belgium and Norfolk)

Why This Contract

This is an opportunity to have a direct impact on strengthening cyber security resilience within an essential services environment. You will play a central role in regulatory compliance, organisational readiness, and the uplift of key governance and risk processes.

If you have strong GRC experience in regulated environments and are looking for a contract where you can make a tangible impact, we would welcome your application.

Job Details

Company: InfoSec People Ltd
Location: London Area, United Kingdom