GRC Analyst at TLT
Bristol, England, United Kingdom - Full Time


Start Date: Immediate
Expiry Date: 26 Nov, 25
Salary: 0.0
Posted On: 27 Aug, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Incident Response, Risk, Training, Security Awareness, GRC
Industry: Legal Services

Description

THE IDEAL CANDIDATE

Our employees are talented people, distinguished by excellence, with a willingness to embrace team working and a passion for client service. You will be able to demonstrate a similar supportive, flexible, driven ethos.

You will be certified in, studying towards or starting to study in one or more of:

  • (ISC)² Certified in Cybersecurity (CC)
  • ISACA Cybersecurity Fundamentals Certificate
  • BCS Foundation Certificate in Information Security Management Principles (CISMP)
  • ISO/IEC 27001 Foundation
  • Certified in Risk and Information Systems Control (CRISC) – Associate Pathway
  • NIST Cybersecurity Framework (NCSF) Foundation

Responsibilities

ROLE INTRODUCTION

The Information and Cyber Security team is responsible for identifying and mitigating cyber security risks across the firm, while ensuring ongoing compliance with regulatory requirements and industry best practices.

We are currently recruiting for an early career Governance, Risk, and Compliance (GRC) Analyst to join our team based in Bristol, with hybrid working available. This is a hands-on role suited to someone with some experience in GRC or risk-related functions, and an understanding of security domains such as:

  • Governance
  • Risk Management
  • Compliance
  • Security Awareness & Training
  • Incident Response & Business Continuity
  • Data Protection & Privacy

This role requires curiosity, attention to detail, a willingness to learn, and strong communication skills.
The ideal candidate will have a basic understanding of information security principles and a keen interest in risk and compliance. They should be eager to develop their knowledge of regulatory requirements and security frameworks, and comfortable working with documentation, supporting risk assessments, and assisting in the development and review of policies and controls.

MAIN RESPONSIBILITIES

The GRC Analyst will be responsible for supporting the identification, assessment, and management of information security risks, and helping ensure compliance with relevant regulations and frameworks. They will work closely with technical and business teams to maintain and improve the firm’s security governance processes.

The day-to-day responsibilities include:

  • Assist with risk assessments and maintain risk registers.
  • Support the development and review of security policies and procedures (ISMS).
  • Help track compliance with regulatory and framework requirements (e.g., ISO 27001, Cyber Essentials Plus, SRA).
  • Contribute to internal and external audit preparation and evidence gathering.
  • Maintain documentation related to controls, risks, and compliance activities.
  • Support security awareness and training initiatives.
  • Participate in incident response and business continuity planning exercises.