GRC Analyst (Governance, Risk & Controls)

Time Type : Full time

Working Pattern : Hybrid

AEGIS London are currently seeking an experienced GRC Analyst to join our team and support the operation and transformation of our control practices.

As a GRC Analyst you will support the implementation monitoring and continuous improvement of AEGIS Londons IT controls.

Controls span across change management project management change control identity and access governance architecture infrastructure IT operations and information security. Working within the Controls & Governance (C&G) function you will contribute to the assurance of control effectiveness risk mitigation and compliance with internal policies and regulatory requirements. This role is ideal for a solution-oriented individual with a keen eye for detail and a proactive mindset toward risk management.

The role will report directly to the IT Controls and Governance Manager and maintain close working relationships with internal functions including IT Change InfoSec HR Internal Audit Risk Compliance Third Party Oversight Business Application Owners and external audit partners and suppliers.

• Conduct regular testing of IT controls to assess design and operational effectiveness
• Perform walkthroughs with control / process owners and document findings
• Apply both test of Design and Operating Effectiveness methodologies
• Use sampling techniques (random and judgemental) to evaluate control performance
• Monitoring compliance with industry cyber security standards such as NIST and CIS

• Evidence reviews
• Prepare detailed reports on control testing outcomes including ratings and observations
• Support the development of dashboards and governance reports
• Track and monitor Key Risk Indicators (KRIs) and trends

• Conduct walkthroughs with control owners to understand policies and processes pertaining to a control
• Identify key evidence for controls which will be used for testing
• Agree Key Risk Indicators (KRIs) with control owners to measure design and operating effectiveness
• Document control testing procedures

• Log and track exceptions and risk acceptances
• Assist in validating exception requests and ensuring compensating controls are in place
• Collaborate with IT Service Delivery and Control Owners to support remediation efforts
• Review of Cyber Security specific third-party risk management assessments

• Work with control owners to identify remediation actions and enhancements to controls
• Support policy and process documentation updates as well as cyber security policy creation

• Provide project management for audit remediation and enhancement work including developing and managing timelines budget resourcing and activities
• Produce project documentation including status reports project scoping and closing documents change requests etc

The successful candidate will have a demonstrable experience in the following :

• IT audit compliance or governance
• Risk management and risk assessment methodologies
• Control frameworks (e.g. ISO 27001 COBIT).
• Standards and frameworks e.g. ITIL ITSM NIST
• Project management and stakeholder management

• Broad technical awareness : Microsoft Azure Service Desk SQL Information Security etc
• Strong analytical and documentation skills
• Proficiency in Excel SharePoint PowerBI; experience with Service Management tools is a plus
• Ability to work collaboratively across teams and communicate findings effectively
• Proactive approach to identifying issues presenting solutions and options and driving the resolution
• Ability to interpret and apply regulatory requirements

We make decisions considering the best interests of key stakeholders. We are direct and straightforward in our actions working collaboratively to create a culture of fairness and respect.

We act with integrity valuing diversity of thought and background. We take time to listen to the needs of our customers stakeholders and colleagues working together to seek and share information.

We have a passion for success aspiring to be recognised as best in class. We embrace new opportunities encouraging innovation in pursuit of our goals.

We strive to improve at all times challenging complacency being agile and adapting to change. We always seek to improve our customers experience with us.

We provide an environment where each employee can reach their personal potential. We encourage personal accountability for performance and individual ownership for growth and success.

AEGIS London is an equal opportunities employer and recognises the value of a diverse workforce in facilitating better decision making and business growth. We encourage a variety of differing views perspectives and insights to create a collaborative working environment. Diversity and Inclusion are fundamental to our business and we encourage applications from all backgrounds recognising the diversity of society and our customers.

Its important to us that you are able to perform at your best when applying for a role with AEGIS London. If there are any adjustments we can reasonably make to ensure that the process is accessible for you please telephone us on 44(0) or email

As a business we understand individual circumstances may differ and aim to be adaptable and to support flexible working practices. Talk to our recruitment team to understand how AEGIS London can help support you in reaching your full potential

IC

ISO 27001,Microsoft Access,Risk Management,Financial Services,PCI,Risk Analysis,Analysis Skills,COBIT,NIST Standards,SOX,Information Security,Data Analysis Skills

Employment Type : Full-Time

Experience : years

Vacancy : 1