Governance, Risk & Compliance (GRC) Analyst

Location: London

Contract Type: Permanent

Work Pattern: Full Time and Hybrid (2/3 days a week in the office)

This role sits at the intersection of technology, governance, and risk - helping to protect MS Amlin Business Services (MS ABS) and its supported entities from security and supplier-related threats.

As a GRC Analyst with a focus on Third-Party Risk Management (TPRM), you'll play a key part in identifying, assessing, and managing risks arising from our external partners and suppliers, while supporting broader information security assurance, governance, and compliance activities.

You’ll work closely with teams across Information Security, Procurement, Data Protection, and Technology to maintain a strong security posture. This is a hands‑on, analytical role - ideal for someone who enjoys solving problems, improving processes, and helping the business make informed, secure decisions.

• Manage supplier due diligence, triage, and assessment reviews in our GRC.
• Coordinate high‑risk vendor assessments and validate certifications or test results.
• Track remediation and renewal cycles for suppliers under continuous monitoring.
• Support audits, compliance reviews, and internal risk reporting.
• Automate assessment and reporting processes and improving tool integrations.
• Assisting in security incident response where suppliers or third parties are involved.

• Thrive in a dynamic environment where you can lead transformational initiatives and drive significant change within the Procurement function.
• Excel at building relationships and acting as a trusted advisor, communicating complex concepts clearly and effectively to various stakeholders.
• Have a passion for risk management, with a keen eye for identifying and mitigating third‑party risks to ensure organisational stability and compliance.
• Enjoy collaborating with cross‑functional teams, leveraging diverse expertise to achieve strategic goals and enhance overall business performance.

• Demonstrable experience in third‑party risk management, with a proven track record of leading transformational initiatives within a complex organisation.
• Familiarity with GRC/TPRM platforms (e.g., OneTrust, Archer, ServiceNow).
• Strong understanding of risk‑based control frameworks (ISO 27001, NIST CSF).
• Strong analytical skills, with the ability to conduct thorough risk assessments and develop effective risk mitigation strategies.
• Excellent communication and interpersonal skills, capable of acting as a trusted advisor and building strong relationships with internal stakeholders and external vendors.
• A collaborative mindset, with the ability to work effectively with cross‑functional teams, including Legal, HR, IT, Risk Management, Compliance and Finance, to achieve strategic goals.

• Experience in evaluating or implementing third‑party risk monitoring or automation tools (e.g., BlueVoyant, SecurityScorecard, BitSight).
• Relevant professional certification such as CISM, CISA, CRISC, CIPM or equivalent.
• Background in insurance or regulated financial services environments.

We are stronger together because of our common interests and rich differences. You may be the strength we didn’t know we needed. Believe in yourself, and click apply today!

• Competitive Base Salary
• Performance Related Discretionary Bonus
• Holiday: 28 days core annual leave, and you can buy up to 5 days
• Pension: A minimum 2% employee contribution plus 7% MS Amlin contribution (9%) up to a maximum of 5% employee contribution plus 13% MS Amlin contribution (18%)
• Private Medical: cover for yourself. Family members/dependants can be added
• Flex Fund: £1,000 (pro‑rated based on start date) to spend on flexible benefits
• Life Assurance: 10 x annualised base salary

Each one of us is unique because of our backgrounds, what we have learned so far and how we express that. Establishing an inclusive attitude helps us, organisationally, to ‘think outside the box’ because it calls on that diverse range of ideas, perspectives and lived experiences.

We commit to continuing our work towards a more diverse and inclusive future by recognising that our business, our teams and every colleague has a part to play in driving the positive change we all want to see.

Our values demonstrate our commitment to providing an environment in which each and every colleague is respected for who they are and what they can contribute to the business, regardless of nationality, race, ethnicity, religion/faith, sexual orientation, gender identity, gender expression, disability, socio‑economic background, sex or age.