GRC Analyst - IT & Cyber Risk

My client is looking for a GRC Analyst with a focus on IT & Risk. A minimum of 3 years experience is required to join their organisation based in Cork. This is a permanent role.

Key Responsibilities

GRC Transformation & Governance

• Develop, implement, and maintain the organisation's Governance, Risk & Compliance (GRC) framework.
  
  
• Create and update supporting policies, standards, procedures, and technologies.
  
  
• Define security requirements for RFPs and act as a security consultant across business and IT projects.
  
  
• Support internal and external audits, ensuring evidence is collected and remediation is tracked.
  
  
• Execute scheduled governance reviews, controls assessments, and compliance checks.
  
  

Third Party & Supplier Risk

• Maintain and mature the third-party risk governance framework.
  
  
• Conduct and coordinate onsite audits with business owners and suppliers.
  
  
• Assess vendor security and IT risks, reviewing third-party security questionnaires, DPIAs, and compliance documents.
  
  
• Manage day-to-day supplier risk activities and support ongoing monitoring efforts.
  
  

Cyber & IT Risk Management

• Conduct technical and procedural assessments of systems and business processes, with full reporting and remediation tracking.
  
  
• Define IT and Cyber Security controls for new transformation initiatives.
  
  
• Support the management of the IT risk register, including exposure analysis and risk mitigation activities.
  
  
• Oversee incident reporting for IT risk and GDPR-related notifications.
  
  
• Promote strong security awareness and risk culture across the organisation.
  
  

Security Awareness & Operational Support

• Manage phishing awareness campaigns, employee training, and corrective actions.
  
  
• Support internal communications, security announcements, and awareness initiatives.
  
  
• Contribute to security incident support activities with the Information Security team.
  
  
• Provide GRC advice to business units, including support for data protection and compliance projects.
  
  
• Produce regular reporting, dashboards, and management information.
  
  
• Maintain Security & Privacy policies and procedures.

Essential Qualifications

• Security/privacy certification such as IAPP, CDPP, CIPP, CISSP, or a relevant third-level qualification or equivalent industry experience.
  

Essential Skills & Experience

• Strong understanding of security and data protection regulations, directives, and standards.
  
  
• Experience with IT controls, risk assessments, and data protection obligations.
  
  
• Exposure to frameworks such as NIS, AI governance, GDPR, ISO 27001, PCI DSS, NIST, or similar.
  
  
• Ability to manage internal stakeholder relationships and engage with regulatory bodies.
  
  
• High ethical standards with the ability to remain impartial and handle sensitive information.
  
  
• Strong analytical, diagnostic, and problem-solving skills.
  
  
• Proven ability to work collaboratively within a team environment.
  
  
• Organised, resilient, and capable of managing workloads effectively.
  
  
• Strong communication skills, including written and verbal presentations and training delivery.
  
  

Desirable Skills

• 4+ years of relevant experience in GRC, information security, cyber risk, or regulatory compliance.
  
  
• Experience in retail, FMCG, grocery, financial, or regulated industries.
  
  
• Background in legal, insurance, or regulatory advisory work.