GRC Lead Business Analyst
β - Featured Role | Apply direct with Data Freelance Hub
This role is a GRC Lead Business Analyst for a contract of unspecified length, offering a pay rate of "unknown." It is hybrid, based in London, Birmingham, or Manchester. Key skills include GRC management, compliance audits, business analysis, and knowledge of ISO 27001, GDPR, and PCI DSS.
π - Country
United Kingdom
π± - Currency
Β£ GBP
-
π° - Day rate
-
ποΈ - Date discovered
June 4, 2025
π - Project duration
Unknown
-
ποΈ - Location type
Hybrid
-
π - Contract type
Unknown
-
π - Security clearance
Unknown
-
π - Location detailed
London Area, United Kingdom
-
π§ - Skills detailed
#Documentation #Leadership #Security #Compliance #PCI (Payment Card Industry) #Business Analysis #GDPR (General Data Protection Regulation) #Automation #Monitoring
Role description
Heading 1
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
Block quote
Ordered list
- Item 1
- Item 2
- Item 3
Unordered list
- Item A
- Item B
- Item C
Bold text
Emphasis
Superscript
Subscript
Role- GRC Lead & Business Analyst
Location- London/ Birmingham/Manchester(Hybrid)
Employment type Contract
Job Summary:
The GRC Lead & Business Analyst is responsible for managing the organization's Governance, Risk, and Compliance (GRC) framework while also performing business analysis to enhance risk management, regulatory compliance, and operational efficiency. This role involves assessing risks, ensuring compliance, conducting audits, analyzing business processes, and driving GRC-related projects. The GRC Lead Cum BA will work closely with IT, legal, finance, and business units to enforce policies, ensure compliance, and implement best practices for governance, risk, and assurance.
Key Responsibilities:
1. Governance, Risk & Compliance (GRC) Management
β’ Develop, implement, and maintain GRC policies, frameworks, and procedures aligned with industry standards and regulatory requirements (ISO 27001, NIST, SOC 2, GDPR, HIPAA, PCI DSS).
β’ Conduct workshops to gather requirements for risk assessments and security reviews, ensuring risk mitigation strategies are in place.
β’ Maintain a risk register and track risk management initiatives.
β’ Lead third-party/vendor risk assessments requirement gathering, ensuring supplier security and compliance.
β’ Collaborate with leadership to align GRC practices with business objectives.
1. Compliance & Assurance
β’ Ensure the organization meets regulatory requirements and industry best practices.
β’ Manage compliance audits (ISO 27001, SOC 2, PCI DSS, GDPR, HIPAA) and coordinate with internal/external auditors.
β’ Conduct compliance monitoring and provide periodic reports on adherence to policies.
β’ Develop and implement assurance programs to validate control effectiveness.
β’ Stay updated on changing regulations and emerging compliance risks.
1. Business Analysis & Process Optimization
β’ Gather and analyze business requirements for GRC initiatives, ensuring alignment with security, risk, and compliance goals.
β’ Identify gaps in current GRC processes and recommend process improvements.
β’ Collaborate with IT and security teams to implement automation for risk and compliance tracking.
β’ Develop dashboards and reports for leadership to track compliance, risks, and control effectiveness.
β’ Support the evaluation and selection of GRC tools and software solutions.
1. Audit, Reporting & Documentation
β’ Plan, coordinate, and lead internal and external compliance audits.
β’ Document and track compliance findings, ensuring timely remediation.
β’ Prepare compliance reports, risk scorecards, and assurance documentation for senior management.
β’ Ensure security controls and risk mitigations are well-documented and auditable.
1. Stakeholder Communication & Training
β’ Serve as a liaison between business units, IT, legal, and compliance teams.
β’ Conduct compliance and security awareness training for employees.
β’ Communicate risk and compliance updates to senior leadership.
