GRC Analyst (Governance, Risk & Controls)

AEGIS London

City Of London

Hybrid

GBP 45,000 - 65,000

Full time

3 days ago

Job summary

A global technology firm in London is seeking a GRC Analyst to support the implementation and monitoring of IT controls. The ideal candidate has experience in IT audit and risk management, and is proficient in tools like Microsoft Azure and PowerBI. This role emphasizes collaborative problem solving and innovative thinking within a hybrid working environment.

Qualifications

  • Demonstrable experience in IT audit, compliance or governance.
  • Experience with risk management and risk assessment methodologies.
  • Familiarity with control frameworks such as ISO 27001 or COBIT.

Responsibilities

  • Conduct regular testing of IT controls.
  • Prepare detailed reports on control testing outcomes.
  • Track and monitor Key Risk Indicators (KRIs).
  • Log and track exceptions and risk acceptances.
  • Provide project management for audit remediation.

Skills

IT audit, compliance or governance
Risk management and risk assessment methodologies
Control frameworks (e.g., ISO 27001, COBIT)
Standards and frameworks, e.g. ITIL, ITSM, NIST
Project management and stakeholder management

Tools

Microsoft Azure
SQL
PowerBI
SharePoint

Job description

Overview

Time Type: Full time

Working Pattern: Hybrid

AEGIS London are currently seeking an experienced GRC Analyst to join our team and support the operation and transformation of our control practices. As a GRC Analyst, you will support the implementation, monitoring, and continuous improvement of AEGIS London's IT controls. Controls span change management, project management, change control, identity and access governance, architecture, infrastructure, IT operations and information security. Working within the Controls & Governance (C&G) function, you will contribute to the assurance of control effectiveness, risk mitigation, and compliance with internal policies and regulatory requirements. This role is ideal for a solution-oriented individual with a keen eye for detail and a proactive mindset toward risk management. The role will report directly to the IT Controls and Governance Manager and maintain close working relationships with internal functions including IT, Change, InfoSec, HR, Internal Audit, Risk, Compliance, Third Party Oversight and Business Application Owners, as well as external audit partners and suppliers.

Duties and Accountabilities

Controls Testing & Monitoring

  • Conduct regular testing of IT controls to assess design and operational effectiveness
  • Perform walkthroughs with control/process owners and document findings
  • Apply both Test of Design and Test of Operating Effectiveness methodologies
  • Use sampling techniques (random and judgemental) to evaluate control performance
  • Monitor compliance with industry cyber security standards such as NIST and CIS

Reporting & Analysis

  • Carry out evidence reviews
  • Prepare detailed reports on control testing outcomes, including ratings and observations
  • Support the development of dashboards and governance reports
  • Track and monitor Key Risk Indicators (KRIs) and trends

Onboarding of new controls for testing

  • Conduct walkthroughs with control owners to understand policies and processes pertaining to a control
  • Identify key evidence for controls which will be used for testing
  • Agree Key Risk Indicators (KRIs) with control owners to measure design and operating effectiveness
  • Document control testing procedures

Risk Acceptance and Exception Management

  • Log and track exceptions and risk acceptances
  • Assist in validating exception requests and ensuring compensating controls are in place
  • Collaborate with IT Service Delivery and Control Owners to support remediation efforts
  • Review cyber-security-specific third-party risk management assessments

Process Improvements & Remediation Support

  • Work with control owners to identify remediation actions and enhancements to controls
  • Support policy and process documentation updates as well as cyber security policy creation

Project Management and Status Reporting

  • Provide project management for audit remediation and enhancement work, including developing and managing timelines, budget, resourcing, and activities
  • Produce project documentation, including status reports, project scoping and closing documents, change requests, etc.

Skills, Knowledge and Experience

The successful candidate will have demonstrable experience in the following:

  • IT audit, compliance or governance
  • Risk management and risk assessment methodologies
  • Control frameworks (e.g., ISO 27001, COBIT)
  • Standards and frameworks, e.g. ITIL, ITSM, NIST
  • Project management and stakeholder management

With the following skills:

  • Broad technical awareness: Microsoft Azure, Service Desk, SQL, Information Security, etc.
  • Strong analytical and documentation skills
  • Proficiency in Excel, SharePoint, PowerBI; experience with Service Management tools is a plus
  • Ability to work collaboratively across teams and communicate findings effectively
  • Proactive approach to identifying issues, presenting solutions and options, and driving the resolution
  • Ability to interpret and apply regulatory requirements

AEGIS Values

Fairness and respect

We make decisions considering the best interests of key stakeholders. We are direct and straightforward in our actions, working collaboratively to create a culture of fairness and respect.

Open and inclusive

We act with integrity, valuing diversity of thought and background. We take time to listen to the needs of our customers, stakeholders and colleagues working together to seek and share information.

Ambitious

We have a passion for success, aspiring to be recognised as best in class. We embrace new opportunities, encouraging innovation in pursuit of our goals.

Striving to be better

We strive to improve at all times, challenging complacency, being agile and adapting to change. We always seek to improve our customers' experience with us.

Investing in people's potential

We provide an environment where each employee can reach their personal potential. We encourage personal accountability for performance and individual ownership for growth and success.

AEGIS London is an equal opportunities employer and recognises the value of a diverse workforce in facilitating better decision making and business growth. We encourage a variety of differing views, perspectives and insights to create a collaborative working environment. Diversity and Inclusion are fundamental to our business and we encourage applications from all backgrounds recognising the diversity of society and our customers.

It's important to us that you are able to perform at your best when applying for a role with AEGIS London. If there are any adjustments we can reasonably make to ensure that the process is accessible for you, please telephone us on +44(0)20 7856 7856 or email recruitment@aegislondon.co.uk

As a business, we understand individual circumstances may differ and aim to be adaptable and to support flexible working practices. Talk to our recruitment team to understand how AEGIS London can help support you in reaching your full potential.
