GRC Analyst - Third Party Risk Management

GRC Analyst - Third Party Risk Management

Fixed Term Contract, 12 months - £45k - £50k

Location: Hybrid - Birmingham

Your new company:

I am looking to recruit a GRC Analyst, focusing on Third Party Risk Management, to join a leader in the hospitality space, with the role focusing on GRC activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation.

The role responsibilities:

This role focusses on supplier assurance and third-party risk management, ensuring that vendors handling company data or connecting to company systems operate in line with security, privacy, and compliance expectations. Key parts of the role:

Conducting and coordinating security and privacy risk assessments for new and existing third-party suppliers.
Evaluating supplier controls relating to data protection, information security, data hosting, subcontractor usage, and system access.
Cataloguing and maintaining records of data shared with third parties, including purpose of use, information security classification, data sensitivity, and processing location.
Ensuring third party data handling arrangements clearly define data retention, archiving, and deletion requirements in line with policies and regulatory obligations.
Maintaining third party risk documentation and tracking remediation actions with suppliers and internal teams.
Working closely with Vendor Management, Procurement, Legal, Information Security, and IT to ensure supplier risks are identified early and addressed prior to onboarding or renewal.
Escalating high risk supplier findings to the IT Licensing & Compliance Manager and relevant stakeholders.
You will need:

Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements.
Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role.
Ability to interpret and assess technical and organisational controls.
Strong analytical skills with excellent attention to detail.
Confident written and verbal communication skills, able to engage across legal, technical, and operational teams.
Experience contributing to incident or breach investigations.
Ability to manage multiple competing priorities and constructively challenge established processes.
Minimum 3 years' experience in a relevant role.
CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection, desirable.
What you'll get in return:

Salary of between £45k-£50k
Hybrid working
Company discounts
A pension contribution matched at 1.5x, up to 5%.
Private healthcare, dental plan, cycle to work, and keep-fit schemes.
26 days annual leave plus bank holidays.Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)