Technical GRC Analyst

Salary: £33,000 - 47,000 per year

• We require experience in IT risk, compliance, or GRC roles within a SaaS or technology environment.
• We require an understanding of GDPR and handling personal data, especially sensitive or child/student data.
• We require experience performing risk assessments using structured frameworks and defined processes.
• We require the ability to interpret policies and apply them to operational and real‑world scenarios.
• We require strong organisational, coordination, and documentation skills, including audit trails, evidence, and decision logs.
• We require experience working with cross‑functional teams such as engineering, product, and operations.
• We require experience supporting operational security assurance activities such as evidence collection, control validation, remediation tracking, or audit preparation.
• We prefer familiarity with ISO 27001, Cyber Essentials, or similar frameworks.
• We prefer experience supporting audits, evidence collection, or remediation tracking activities.
• We prefer experience with vendor and third‑party risk management.
• We prefer exposure to data protection processes such as SARs, DPIAs, and data sharing assessments.
• We prefer exposure to data classification, data governance, or data loss prevention processes.
• We prefer experience with GRC, compliance, or assurance platforms such as Vanta or Drata, and ticketing or workflow management tools.
• We prefer exposure to Microsoft 365 security and compliance tooling such as Entra , Intune, Secure Score, and Defender.
• We prefer a basic understanding of cloud and SaaS architecture and common security controls.

• We administer and operate IT risk, compliance, and security assurance processes aligned to our internal policies and regulatory requirements, including GDPR.
• We act as a central point of contact for compliance‑related requests such as Subject Access Requests, data sharing requests, access requests, exceptions, and supplier onboarding.
• We perform risk assessments using defined criteria, with a focus on data protection and information security risks.
• We review requests against our defined policies and controls, escalating where appropriate in line with our governance processes.
• We support third‑party and supplier risk assessments, including reviewing security and data protection documentation and tracking follow‑up actions.
• We support periodic reviews of high‑risk and business‑critical suppliers, applications, and technology platforms to ensure appropriate security, compliance, and data protection controls remain in place.
• We support the implementation and ongoing operation of compliance and assurance tooling, including evidence collection, test management, stakeholder coordination, remediation tracking, and control adoption activities.
• We ensure appropriate documentation, audit trails, and evidence are maintained for assessments, compliance activities, and operational processes.
• We support internal and external audits, including evidence gathering, action tracking, and coordination of remediation activities.
• We monitor compliance with policies and highlight potential risks, gaps, or control weaknesses for review.
• We support coordination and operational delivery of security improvement initiatives across IT and business teams.
• We support incident management processes through documentation, tracking, and coordination of follow‑up actions.
• We coordinate security awareness activities, including phishing simulation campaigns and training tracking.
• We assist with reviews of security tooling configurations and collection of supporting control evidence.
• We work closely with engineering, product, and business teams to ensure compliance and security processes are understood and followed.
• We contribute ideas and feedback to improve workflows and operational processes, particularly where they impact scalability, operational efficiency, or customer trust.

• Cloud
• Support
• Microsoft 365
• Security
• Office 365

Bromcom is an equal opportunities employer. We are seeking a Technical GRC Analyst to support the day‑to‑day operation of our governance, risk, compliance, and security assurance processes within a growing EdTech SaaS environment. This role gives us exposure across governance, operational security assurance, compliance, and risk management, working closely with the IT & Information Security Manager and our wider IT team.

We offer the opportunity to help maintain audit readiness, support assurance activities, and coordinate remediation and evidence management across the organisation while contributing to a business that values scalability, operational efficiency, and customer trust.

last updated 25 week of 2026