Risk And Compliance
IT Governance, Risk & Compliance (GRC) Analyst
Location: Norwich (Hybrid – 60% on-site)Salary: £38,784 – £46,049 + Excellent Benefits Contract: Permanent
About the Role
REED Technology are supporting a leading organisation in recruiting an experienced Governance, Risk & Compliance Analyst. This is a key role in strengthening governance frameworks, managing IT and cyber risk, and ensuring compliance with internal policies and UK regulatory standards.
You’ll work closely with senior stakeholders and collaborate across IT and business teams to embed a culture of accountability and risk awareness. This is a fantastic opportunity to shape processes, influence tool selection, and contribute to the development of a growing security programme.
Key Responsibilities
- Develop and maintain GRC processes, policies, and procedures.
- Ensure compliance with UK-centric frameworks and standards, including PCI-DSS and Cyber Essentials Plus.
- Support internal audits, risk assessments, and governance reviews.
- Assist with new product reviews and collaborate on secure-by-design principles.
- Communicate GRC matters effectively to technical and non-technical stakeholders.
Essential:
- Minimum 2 years’ experience in Governance, Risk & Compliance roles.
- Hands-on experience with PCI-DSS and Cyber Essentials (ideally completed these processes more than once).
- Strong understanding of UK regulatory frameworks and internal policy compliance.
- Experience conducting audits and risk assessments.
- Excellent communication and stakeholder engagement skills.
Desirable:
- Familiarity with NHS DSPT.
- Exposure to GRC tools (e.g., Archer, ServiceNow) and ability to recommend solutions.
- Knowledge of SOP/playbook creation and post-incident reviews.
- Relevant certifications (CRISC, CISM, CISSP, ISO 27001 Lead Auditor).
If you have the relevant skills and experience for the role outline above, please apply using the link provided.
You must have full rights to work in the UK. There is a relocation package available for this role.