Junior GRC Analyst
📍 Location: Hybrid - Cork
📅 Employment Type: 12-month FTC
💼 Department: Information Security / Risk & Compliance
About the Role
We are seeking a motivated Junior GRC (Governance, Risk & Compliance) Analyst to support the ongoing development and maintenance of our information security and risk management framework. This is an excellent opportunity for someone early in their cybersecurity career to gain hands-on experience across risk assessments, policy governance, third-party risk, and regulatory compliance.
You will work closely with senior GRC team members, IT, Legal, and business stakeholders to help ensure the organisation meets its security, regulatory, and contractual obligations.
Key Responsibilities
- Assist in maintaining the organisation's Information Security Management System (ISMS) aligned to standards such as ISO/IEC 27001
- Support risk assessments (enterprise, IT, and third-party risk)
- Help track and manage remediation actions and risk treatment plans
- Assist with internal audits and evidence collection
- Support vendor risk assessments and due diligence reviews
- Maintain policies, procedures, and control documentation
- Contribute to compliance monitoring for regulations such as the General Data Protection Regulation
- Prepare risk and compliance reports for internal stakeholders
- Support awareness initiatives and security training programmes
Required Skills & Experience
- 0-2 years' experience in GRC, information security, IT audit, or risk (internship experience acceptable)
- Understanding of core information security principles (CIA triad, access control, risk lifecycle)
- Familiarity with common frameworks such as:
  - ISO/IEC 27001
  - NIST Cybersecurity Framework
- Basic understanding of data protection and privacy requirements (e.g., General Data Protection Regulation)
- Strong documentation and organisational skills
- Analytical mindset with attention to detail
- Good communication skills with the ability to engage non-technical stakeholders
Desirable
- Relevant degree (Cybersecurity, Information Systems, Risk, Law, or similar)
- Industry certifications such as:
  - Certified in Risk and Information Systems Control (CRISC) - foundation level
  - Certified Information Systems Auditor (CISA) - studying towards
  - CompTIA Security+
- Exposure to GRC tools (e.g., ServiceNow GRC, OneTrust, Archer)
