IT GRC Analyst

The Role:

A leading financial services organisation based in the heart of the City of London is seeking an IT GRC Analyst to join its growing first line technology function. This is an excellent opportunity for a proactive professional with at least 3 years’ experience in IT Governance, Risk and Compliance (GRC) to take the next step in a hands-on, delivery-focused role — helping to embed and operationalise IT risk and control frameworks within a highly regulated, technology-driven environment.

Working closely with IT, Security and Business teams, you’ll play a key role in implementing, monitoring and improving controls, driving remediation activity, and supporting the business in meeting its governance and compliance obligations.

Key Responsibilities

Governance & Control Implementation

• Support the rollout and maintenance of IT GRC frameworks, policies and standards across technology teams.
• Embed governance requirements within day-to-day IT operations, ensuring alignment to policies and risk appetite.
• Help prepare GRC and control reporting for IT and business stakeholders.
• Promote awareness and understanding of IT risk and control responsibilities across teams.

Risk Management & Remediation

• Identify and assess IT and operational risks within projects and services.
• Work directly with control and risk owners to develop, implement and track remediation and improvement plans.
• Maintain up-to-date risk and issue logs and support risk reviews across technology functions.
• Assist with operational risk assessments and reporting activities.

Compliance & Control Testing

• Conduct first line control testing and evidence gathering to confirm control design and effectiveness.
• Support internal and external audit readiness by ensuring documentation and evidence are complete and accurate.
• Assist in the coordination of compliance activities with third-party suppliers and internal teams.
• Contribute to maturity assessments and continuous improvement initiatives for IT controls.

Key Skills and Experience

• Minimum 3 years’ experience in IT risk, control implementation or technology compliance roles.
• Good understanding of IT risk management and control frameworks (ISO 27001, NIST, COBIT, etc.).
• Hands-on experience supporting control testing, risk assessments, or remediation work.
• Strong analytical, organisational and documentation skills.
• Comfortable working directly with IT teams to embed governance processes.
• Confident communicator, able to translate control requirements into practical action.
• Financial services or other regulated sector experience advantageous.
• Relevant certifications (e.g. ITIL, CompTIA Security+, CRISC, CISSP Associate) desirable.

Why Join?

• Be part of a first line GRC team driving real change and embedding good governance practices across technology.
• Gain hands-on experience implementing controls and improving IT risk management processes.
• Collaborative, supportive culture with a focus on professional development.
• Hybrid working with modern City offices and excellent benefits.

For a full consultation, send your CV to ARC IT Recruitment.