Junior GRC Business Analyst

• Contract
• Central London - 2-3 days on-site per week
• Up to £250 per day

Our client, a professional services firm are seeking a talented individual to join their Governance, Risk and Compliance team on a contract basis. This is an excellent entry-level contract opportunity to gain hands-on experience supporting and maintaining a robust Information Security Management System (ISMS) in line with ISO 27001, while contributing directly to day-to-day risk management in a high-profile professional services organisation. you'll work closely with IT, legal, compliance, and business stakeholders to protect critical operations, manage risks effectively, and support secure business growth. With a long-term assignment on the horizon, this role offers real stability and development potential in a respected firm.

Job Title: Junior GRC Business Analyst
Job Type: Contract
Rate: Up to £250 per day
Working arrangement: Hybrid - 2-3 days a week in the office
Office Location: Central London

The Role As Governance, Risk and Compliance Business Analyst, you will:

• Support and maintain the organisation's ISMS in alignment with ISO 27001 controls and clauses
• Assist in risk treatment planning, track remediation efforts, and contribute to continuous improvement
• Maintain and review the Statement of Applicability (SoA), ensuring effective implementation of controls
• Provide valuable input for management reviews and drive ISMS improvement actions
• Conduct regular risk assessments and reviews across systems, vendors, and business processes
• Identify, evaluate, and prioritise information security and operational risks
• Maintain and update the risk register, including clear ownership, mitigation strategies, and timelines
• Collaborate with control owners to assess residual risk and document risk decisions
• Communicate risks to stakeholders with clear, actionable recommendations and business context
• Work closely with IT, legal, and compliance teams to enable secure and compliant business operations

What We're Looking For

• 2-3 years' relevant experience in business analysis and governance, risk, compliance, or information security
• Practical understanding of ISO 27001 frameworks, risk assessment methodologies, and ISMS maintenance
• Experience maintaining risk registers, tracking remediation, and supporting risk treatment plans
• Strong analytical skills with the ability to evaluate risks, prioritise issues, and provide clear recommendations
• Excellent communication skills to engage stakeholders and present risks in a business-friendly way
• Collaborative mindset and comfort working across teams (IT, legal, compliance)
• Prior exposure to professional services, financial services, or regulated environments is advantageous
• Motivated self-starter eager to develop expertise in GRC and information security

Services offered by Computappoint Limited are those of an Employment Business and/or Employment Agency in relation to this vacancy.

Computappoint do not use AI to filter or assess candidates, we use experienced and dedicated recruiters, who want to match the best people to roles.