GRC Analyst - Information Security

GRC Analyst – Information Security

London – Hybrid

£50,000 - £55,000 + Bonus

VIQU has partnered with a leading transport organisation to recruit a GRC Analyst to join their Finance and Information Security team. This is a fantastic opportunity for a GRC Analyst to take ownership of established governance frameworks, policies, and risk processes within a highly regulated environment. The GRC Analyst will play a key role in maintaining compliance, supporting audits, and embedding a strong risk-aware culture across the business.

Key Responsibilities of the GRC Analyst:

• Support and maintain the organisation’s risk management framework, including risk identification, assessment, and monitoring

• Facilitate risk assessments across business units and support mitigation planning

• Monitor risk trends, control effectiveness, and emerging threats, providing insights to senior stakeholders

• Support compliance programmes, ensuring adherence to regulatory and industry standards (e.g. ISO27001, NIST CSF)

• Maintain compliance registers, documentation, and audit evidence

• Coordinate internal and external audits, including evidence gathering and action tracking

• Contribute to governance policies, standards, and procedures development and review

• Produce clear governance and risk reports for leadership teams

• Support governance and assurance of technology change management processes

• Assist with risk, compliance, and security awareness initiatives across the organisation

Key Requirements of the GRC Analyst:

• 4–5 years’ experience in governance, risk, or compliance roles within regulated or critical environments

• Strong understanding of frameworks such as ISO27001 and NIST CSF

• Experience supporting audits, compliance reporting, and evidence management

• Ability to interpret regulatory requirements into practical controls and processes

• Excellent communication and stakeholder engagement skills

• Strong organisational skills with the ability to manage multiple priorities

• Experience within regulated sectors such as transport, utilities, financial services, or government

• Exposure to Operational Technology (OT) or Industrial Control Systems (ICS) (desirable)

• Relevant certifications (ISO27001 Lead Implementer/Auditor, CISMP, CRISC, CISM) (desirable)

• Degree in Information Security, Risk, Business, Law, or equivalent experience

Additional Benefits:

• Hybrid working: Initially 5 days onsite, reducing to 3 days onsite after probation

• 5% bonus

• 10% pension contribution

• Free Zone 1–6 travel for you and a nominated household member

• 75% discount on National Rail season tickets

Apply today to speak with VIQU in confidence or contact Belle Hegarty via the VIQU website

Know someone exceptional for this GRC Analyst position? Refer them and receive up to £1,000 if successful (terms apply).

Follow us on LinkedIn @VIQU IT Recruitment for more exciting opportunities.

GRC Analyst – Information Security

London – Hybrid

£50,000 - £55,000 + Bonus