Governance, Risk, and Comp Security Analyst

Markmonitor Inc.
Meridian, ID
Hybrid

About The Position

Following the merger of two industry leaders, we're strengthening our security function to match the ambition of the combined business. The Governance, Risk & Compliance (GRC) Security Analyst sits at the heart of this effort, delivering the assurance, evidence and documentation that give our security program its credibility. You'll join a growing team with a genuine opportunity to shape how GRC operates day to day - rather than inheriting an established playbook, you'll help write the new one. Reporting to the Enterprise Security Manager, you'll lead the day-to-day delivery of client security assurance activities, strengthen Markmonitor's compliance posture across frameworks such as ISO 27001, SOC 2 and Cyber Essentials, and maintain the policies and GRC tooling that underpin our wider control environment. It's a role with real breadth and visibility, partnering with teams across the business to embed strong governance, risk and compliance practices at every level.

Requirements

  • 2-4 years of hands-on experience in a GRC, information security, IT audit or compliance-focused role, ideally in a SaaS, technology or regulated environment.
  • Solid working knowledge of at least one of ISO 27001, SOC 2 or Cyber Essentials, with genuine interest in developing depth across all three.
  • Demonstrable experience responding to client security questionnaires and RFPs, and comfort reviewing and quality-checking vendor-generated draft responses.
  • Familiarity with GRC tooling such as Vanta, Drata, OneTrust or similar, including configuring controls, evidence collection and continuous monitoring.
  • Strong written communication skills, with the ability to explain technical security concepts clearly to non-technical stakeholders and customers.
  • A pragmatic, risk-based mindset; able to balance security rigor with the realities of a fast-moving business.
  • Highly organized, with the ability to manage multiple workstreams, deadlines and stakeholders without losing the detail.
  • Comfortable working autonomously in a fully remote environment, while collaborating closely with a distributed security team and wider business.

Nice To Haves

  • A relevant industry certification (or active progress towards one) such as ISO 27001 Lead Implementer/Auditor, CISA, CRISC, CC or Security+ is desirable but not essential.
  • Curiosity, a bias to action and genuine enthusiasm for helping to shape what good looks like in a newly merged, ambitious organization.

Responsibilities

  • Lead the response to client security questionnaires, RFPs and due-diligence requests, working with our third-party partner SecurityPal to produce initial drafts and then reviewing, refining and approving the final responses to ensure accuracy and quality.
  • Support and help mature Markmonitor's compliance programs across frameworks such as (but not limited to) ISO 27001, SOC 2 and Cyber Essentials.
  • Coordinate evidence gathering for internal and external audits, liaising with control owners across the business and ensuring artefacts are timely, complete and audit ready.
  • Assist with third-party and vendor risk assessments, ensuring suppliers meet Markmonitor's security expectations before and during engagement.
  • Help to implement, and then administer and continuously improve, our GRC SaaS platform, including control mappings, integrations, automated tests and remediation tracking.
  • Support the lifecycle of Markmonitor's security policies and standards, drafting new policies, refreshing existing ones, and shepherding them through review and approval.
  • Support the maintenance of the risk register, helping to identify, assess, track and report on information security risks across the business.
  • Partner with engineering, IT, legal and people teams to embed security and compliance considerations into everyday ways of working.