Disclaimer: Hunt UK Visa Sponsors aggregates job listings from publicly available sources, such as search engines, to assist with your job hunting. We do not claim affiliation with Ubique Systems. For the most up-to-date job details, please visit the official website by clicking "Apply Now."
Job Title: GRC Lead & Business Analyst
Location: Manchester/Birmingham/London (Hybrid: 2-3 days in the office every week)
Duration: 6 Months (Extendable)
Employment Type: Inside IR35
Roles & Responsibilities:
1. Governance, Risk & Compliance (GRC) Management
- Develop, implement, and maintain GRC policies, frameworks, and procedures aligned with industry standards and regulatory requirements (ISO 27001, NIST, SOC 2, GDPR, HIPAA, PCI DSS).
- Conduct workshops to gather requirements for risk assessments and security reviews, ensuring risk mitigation strategies are in place.
- Maintain a risk register and track risk management initiatives.
- Lead requirement gathering for third-party/vendor risk assessments, ensuring supplier security and compliance.
- Collaborate with leadership to align GRC practices with business objectives.
2. Compliance & Assurance
- Ensure the organization meets regulatory requirements and industry best practices.
- Manage compliance audits (ISO 27001, SOC 2, PCI DSS, GDPR, HIPAA) and coordinate with internal/external auditors.
- Conduct compliance monitoring and provide periodic reports on adherence to policies.
- Develop and implement assurance programs to validate control effectiveness.
- Stay updated on changing regulations and emerging compliance risks.
3. Business Analysis & Process Optimization
- Gather and analyze business requirements for GRC initiatives, ensuring alignment with security, risk, and compliance goals.
- Identify gaps in current GRC processes and recommend process improvements.
- Collaborate with IT and security teams to implement automation for risk and compliance tracking.
- Develop dashboards and reports for leadership to track compliance, risks, and control effectiveness.
- Support the evaluation and selection of GRC tools and software solutions.
4. Audit, Reporting & Documentation
- Plan, coordinate, and lead internal and external compliance audits.
- Document and track compliance findings, ensuring timely remediation.
- Prepare compliance reports, risk scorecards, and assurance documentation for senior management.
- Ensure security controls and risk mitigations are well-documented and auditable.
5. Stakeholder Communication & Training
- Serve as a liaison between business units, IT, legal, and compliance teams.
- Conduct compliance and security awareness training for employees.
- Communicate risk and compliance updates to senior leadership.