Senior IT GRC Analyst
City of London/Hybrid
£Competitive + strong bonus and benefits

GRC Frameworks, ISO 27001, NIST

A prestigious financial services organisation in the heart of the City of London is seeking a Senior IT GRC Analyst to join its dynamic team. In this collaborative role, you will support the development and enhancement of IT Governance, Risk, and Compliance (GRC) frameworks, working closely with senior stakeholders, internal IT teams, and third-party partners to manage IT risk and ensure regulatory compliance across the business.

Key Responsibilities:

Governance:

• Contributing to the implementation and continuous development of IT GRC frameworks.
• Assisting in the review and maintenance of IT GRC documentation.
• Assist in the implementation and communication of IT risk and control management frameworks.
• Conduct governance reviews in line with agreed schedules and document outcomes.
• Maintain documentation for IT risk and control management processes.
• Support the preparation and delivery of formal IT GRC reporting.

Risk:

• Identifying, assessing, and documenting IT risks.
• Supporting IT risk management activities, including the execution of technical IT risk assessments.
• Supporting risk owners to define remediation plans and monitor progress on remediation activities.
• Manage day-to-day operational and technical IT risks.
• Support IT risk owners in identifying and assessing technical IT risks and assist in documenting and tracking remediation plans.
• Contribute to formal risk reporting processes within Group IT and to second-line functions.
• Assist in the coordination and execution of annual operational risk assessments.

Compliance:

• Evaluating compliance with IT control requirements as defined in internal policies and standards.
• Supporting periodic reviews and assessments related to IT GRC.
• Support IT control compliance activities, including annual reviews and maturity assessments of IT controls.
• Assist IT control owners with control self-assessments and attestations to support second-line permanent control checks.
• Coordinate IT control attestations across Group IT and with third-party service providers.

Key Skills and Experience:

• 3-5+ years of experience in Information Security Governance, Risk, and Compliance (GRC), with a focus on IT risk and control management.
• Strong analytical skills with the ability to perform technical IT security and operational risk assessments.
• High attention to detail, ensuring accuracy in documentation, assessments, and compliance activities.
• Strong understanding of information security risk management principles, frameworks (eg, ISO 27001, NIST), and compliance practices.
• Exposure and understanding of IT infrastructure, business applications, and their associated risks and controls.
• Experience collaborating with internal and external audit teams, including supporting audit readiness and evidence gathering.
• Proven ability to work effectively across multi-disciplinary, multi-cultural, and geographically dispersed teams.
• Excellent written and verbal communication skills, with the ability to convey complex information clearly to both technical and non-technical audiences.
• Strong interpersonal and presentation skills, with confidence engaging stakeholders at all levels.
• Industry-recognised technical certifications such as ITIL, CISSP, CRISC, or similar are desirable but not essential.
• Familiarity with regulatory requirements such as DORA is desirable.

This is a fantastic opportunity to join a highly respected financial services organisation with a collaborative culture and strong commitment to professional growth. You'll gain exposure to a wide range of GRC activities and enjoy the opportunity to develop your career within a supportive and dynamic environment.

For a full consultation, please contact Arc IT.

Salaries will be based on experience.