Governance, Risk and Compliance (GRC) Analyst required to join a growing team. This is a dynamic and hands-on role suited to someone with a broad understanding of enterprise risk, compliance frameworks, and governance processes who thrives in a collaborative environment. Youll play a key role in enhancing the GRC framework, supporting compliance and risk initiatives across the business, and engaging with a variety of stakeholders to promote a culture of integrity, accountability, and proactive risk management. Key Responsibilities Support the implementation and maintenance of the organisations GRC framework, policies, and processes. Conduct risk assessments, maintain risk registers, and assist in tracking mitigation activities. Assist in the design and execution of compliance monitoring and internal control reviews. Help ensure alignment with key regulations and standards (e.g., GDPR, ISO 27001, NIS2, DORA, SOC 2, etc.). Prepare reports and dashboards for management and board-level committees. Liaise with internal teams (Legal, IT, HR, Security, Operations) to identify and manage compliance obligations. Support incident and issue management, ensuring timely investigation and resolution. Coordinate audits and provide documentation to external and internal auditors as needed. Contribute to training and awareness initiatives to embed GRC principles across the organisation. About You Proven experience (25 years ideal) in GRC, risk management, audit, or compliance roles. Strong stakeholder management and communication skills able to influence and engage at all levels. Solid understanding of governance frameworks and regulatory requirements across multiple domains (data protection, IT security, operational risk, etc.). Analytical thinker with strong attention to detail and problem-solving skills. Ability to manage multiple priorities and work independently in a fast-paced environment. Experience using GRC or risk management tools (e.g., Archer, ServiceNow, MetricStream, OneTrust) is an advantage. Relevant certifications (e.g., ISO 27001 Lead Implementer, CIPP/E, CRISC, or similar) are desirable but not essential.