Senior Cyber Security Analyst – GRC Lead

About the role

We are seeking a Senior Cyber Security Analyst with at least 10 years of experience in Governance, Risk and Compliance (GRC). The role will lead the design, implementation and continuous improvement of our cybersecurity governance framework, ensuring alignment with regulatory obligations and industry best‑practice standards.

Key responsibilities

• Develop, maintain and enhance GRC frameworks aligned with ISO 27001, NIST, COBIT, Essential Eight, PCI‑DSS and relevant regulations.
• Perform cyber risk assessments, control reviews and maturity/gap analyses across systems, cloud environments, applications and technology projects.
• Lead internal and external audit readiness activities, coordinating evidence collection and remediation tracking.
• Design and update security policies, standards, SOPs and control libraries.
• Conduct control design and operating effectiveness testing, manage issue lifecycles and oversee remediation plans.
• Manage third‑party and supplier risk assessments and ongoing assurance activities.
• Provide cyber risk advisory for strategic initiatives such as cloud migration, API security and identity governance.
• Support cyber resilience, business continuity and incident preparedness programmes.
• Engage senior leadership and stakeholders through reports, dashboards and governance forums.
• Promote security awareness and a strong risk culture across the organisation.

Required profile

• Minimum 10 years of experience in cyber security GRC.
• Proven track record leading risk assessments, audit readiness and control testing.
• Strong communication skills with senior executives and cross‑functional teams.

Required skills

• ISO 27001
• NIST framework
• COBIT
• Essential Eight
• PCI‑DSS
• GRC framework development
• Risk assessment and gap analysis
• Control design and operating effectiveness testing
• Third‑party risk management
• Cloud security concepts
• API and identity governance security