Time Type: Full time
Working Pattern: Hybrid
Purpose of the Role
AEGIS London are currently seeking an experienced GRC Analyst to join our team and support the operation and transformation of our control practices.
As a GRC Analyst, you will support the implementation, monitoring, and continuous improvement of AEGIS London's IT controls.
Controls span across change management, project management, change control, identity and access governance, architecture, infrastructure, IT operations and information security. Working within the Controls & Governance (C&G) function, you will contribute to the assurance of control effectiveness, risk mitigation, and compliance with internal policies and regulatory requirements. This role is ideal for a solution-oriented individual with a keen eye for detail and a proactive mindset toward risk management.
The role will report directly to the IT Controls and Governance Manager and maintain close working relationships with internal functions including IT, Change, InfoSec, HR, Internal Audit, Risk, Compliance, Third Party Oversight, Business Application Owners and external audit partners and suppliers.
Duties and Accountabilities
Controls Testing & Monitoring
Conduct regular testing of IT controls to assess design and operational effectiveness
Perform walkthroughs with control/process owners and document findings
Apply both test of Design and Operating Effectiveness methodologies
Use sampling techniques (random and judgemental) to evaluate control performance
Monitor compliance with industry cyber security standards such as NIST and CIS
Reporting & Analysis
Evidence reviews
Prepare detailed reports on control testing outcomes, including ratings and observations
Support the development of dashboards and governance reports
Track and monitor Key Risk Indicators (KRIs) and trends
Onboarding of new controls for testing
Conduct walkthroughs with control owners to understand policies and processes pertaining to a control
Identify key evidence for controls which will be used for testing
Agree Key Risk Indicators (KRIs) with control owners to measure design and operating effectiveness
Document control testing procedures
Risk Acceptance and Exception Management
Log and track exceptions and risk acceptances
Assist in validating exception requests and ensuring compensating controls are in place
Collaborate with IT Service Delivery and Control Owners to support remediation efforts
Review of Cyber Security specific third-party risk management assessments
Process Improvements & Remediation Support
Work with control owners to identify remediation actions and enhancements to controls
Support policy and process documentation updates as well as cyber security policy creation
Project Management and Status Reporting
Provide project management for audit remediation and enhancement work, including developing and managing timelines, budget, resourcing, and activities
Produce project documentation, including status reports, project scoping and closing documents, change requests, etc
Skills, Knowledge and Experience
The successful candidate will have demonstrable experience in the following:
IT audit, compliance or governance
Risk management and risk assessment methodologies
Control frameworks (e.g., ISO 27001, COBIT).
Standards and frameworks, e.g. ITIL, ITSM, NIST
Project management and stakeholder management
With the following skills:
Broad technical awareness: Microsoft Azure, Service Desk, SQL, Information Security etc
Strong analytical and documentation skills
Proficiency in Excel, SharePoint, PowerBI; experience with Service Management tools is a plus
Ability to work collaboratively across teams and communicate findings effectively
Proactive approach to identifying issues, presenting solutions and options and driving the resolution
Ability to interpret and apply regulatory requirements
AEGIS Values
Fairness and respect
We make decisions considering the best interests of key stakeholders. We are direct and straightforward in our actions, working collaboratively to create a culture of fairness and respect.
Open and inclusive
We act with integrity, valuing diversity of thought and background. We take time to listen to the needs of our customers, stakeholders and colleagues working together to seek and share information.
Ambitious
We have a passion for success, aspiring to be recognised as best in class. We embrace new opportunities, encouraging innovation in pursuit of our goals.
Striving to be better
We strive to improve at all times, challenging complacency, being agile and adapting to change. We always seek to improve our customers’ experience with us.
Investing in people’s potential
We provide an environment where each employee can reach their personal potential. We encourage personal accountability for performance and individual ownership for growth and success.
AEGIS London is an equal opportunities employer and recognises the value of a diverse workforce in facilitating better decision making and business growth. We encourage a variety of differing views, perspectives and insights to create a collaborative working environment. Diversity and Inclusion are fundamental to our business and we encourage applications from all backgrounds recognising the diversity of society and our customers.
It’s important to us that you are able to perform at your best when applying for a role with AEGIS London. If there are any adjustments we can reasonably make to ensure that the process is accessible for you please telephone us on +44(0)20 7856 7856 or email
As a business, we understand individual circumstances may differ and aim to be adaptable and to support flexible working practices. Talk to our recruitment team to understand how AEGIS London can help support you in reaching your full potential.
JR100109