GRC Analyst

GRC Analyst – Information Security

London – Hybrid

£50,000 - £55,000 + Bonus

VIQU has partnered with a leading transport organisation to recruit a GRC Analyst to join their Finance and Information Security team. This is a fantastic opportunity for a GRC Analyst to take ownership of established governance frameworks, policies, and risk processes within a highly regulated environment. The GRC Analyst will play a key role in maintaining compliance, supporting audits, and embedding a strong risk-aware culture across the business.

Key Responsibilities of the GRC Analyst:

• Support and maintain the organisation’s risk management framework, including risk identification, assessment, and monitoring
• Facilitate risk assessments across business units and support mitigation planning
• Monitor risk trends, control effectiveness, and emerging threats, providing insights to senior stakeholders
• Support compliance programmes, ensuring adherence to regulatory and industry standards (e.g. ISO27001, NIST CSF)
• Coordinate internal and external audits, including evidence gathering and action tracking
• Contribute to governance policies, standards, and procedures development and review
• Produce clear governance and risk reports for leadership teams
• Support governance and assurance of technology change management processes
• Assist with risk, compliance, and security awareness initiatives across the organisation

Key Requirements of the GRC Analyst:

• 4–5 years’ experience in governance, risk, or compliance roles within regulated or critical environments
• Strong understanding of frameworks such as ISO27001 and NIST CSF
• Experience supporting audits, compliance reporting, and evidence management
• Ability to interpret regulatory requirements into practical controls and processes
• Excellent communication and stakeholder engagement skills
• Strong organisational skills with the ability to manage multiple priorities
• Experience within regulated sectors such as transport, utilities, financial services, or government
• Exposure to Operational Technology (OT) or Industrial Control Systems (ICS) (desirable)
• Relevant certifications (ISO27001 Lead Implementer/Auditor, CISMP, CRISC, CISM) (desirable)
• Degree in Information Security, Risk, Business, Law, or equivalent experience

Additional Information:

• Hybrid working: Initially 5 days onsite, reducing to 3 days onsite after probation
• 5% bonus
• 10% pension contribution
• Free Zone 1–6 travel for you and a nominated household member
• 75% discount on National Rail season tickets
• Interview process: 2 stages (Face-to-face and virtual)

Apply today to speak with VIQU in confidence or contact Noah Yeoman at .
Know someone exceptional for this GRC Analyst position? Refer them and receive up to £1,000 if successful (terms apply).
Follow us on LinkedIn @VIQU IT Recruitment for more exciting opportunities.