Security Analyst - GRC/Audit

Fruition IT

United Kingdom

Remote

GBP 60,000 - 80,000

Full time

Yesterday

Job summary

Join a leading company as a Contract Security Analyst focusing on governance, risk management, and compliance efforts. This role involves conducting assessments and aligning security controls with best practices like NIST CSF v2.0. Ideal for those with audit expertise and strong stakeholder skills.

Qualifications

  • Proven experience in security auditing, GRC, or control assurance roles.
  • Strong knowledge of security control frameworks (NIST CSF, ISO 27001, CIS).
  • Broad technical understanding of cloud (especially AWS), infrastructure, and applications.

Responsibilities

  • Conducting audit-style assessments across various platforms and environments.
  • Performing gap analysis against updated policies and frameworks.
  • Documenting findings in structured, actionable reports.

Skills

Security auditing
Stakeholder management
Communication

Tools

Splunk
CrowdStrike
Kubernetes

Job description

Contract Security Analyst - GRC / Audit

6 months | Remote (UK) | Outside IR35

We're looking for an experienced Security Analyst with an audit-first mindset to support a group-wide review of security controls across business-critical systems, infrastructure, and applications. This work forms part of a broader programme to align with NIST CSF v2.0.

You'll be reviewing the design and effectiveness of security controls, conducting evidence-based assessments, and identifying risks where controls are missing or ineffective.

Delivery Areas:

  • Conducting audit-style assessments across SaaS platforms, bespoke applications, infrastructure, and cloud environments
  • Evaluating current controls against updated policies and frameworks (NIST CSF v2.0)
  • Performing gap analysis to assess how fit for purpose current controls are
  • Identifying control gaps or legacy issues, and documenting findings in structured, actionable reports
  • Working with stakeholders to define and track mitigation and remediation plans
  • Identifying control gaps, legacy issues, and areas of non-compliance
  • Applying professional scepticism to uncover blind spots and validate that controls are genuinely in place and effective

Requirements:

  • Proven experience in security auditing, GRC, or control assurance roles
  • Strong knowledge of security control frameworks (e.g. NIST CSF, ISO 27001, CIS)
  • Comfortable performing control testing, evidence gathering, and reporting against compliance requirements
  • Broad technical understanding across cloud (especially AWS), infrastructure, and applications
  • Excellent stakeholder management and communication skills
  • Exposure to tools like Splunk, CrowdStrike, MITRE ATT&CK, Kubernetes (nice to have)
