We're partnering with a growing Managed Service Provider to find a GRC Analyst ready to own something from the ground up. This is a rare chance to join a business at the point where compliance and governance is becoming a dedicated function.

Your first job is to take that weight off them, owning the compliance workload, building out internal and external documentation, and bringing structure to how the business manages its governance obligations.

This role is deliberately designed to grow around the right person. As the function matures, you'll be looking at Cyber Essentials Plus audit management, ISO audit support, and expanding into broader cybersecurity frameworks.

What we're looking for

• Some grounding in GRC, compliance, or information security, be that through a dedicated role or as part of a broader IT position
• Familiarity with Cyber Essentials and/or ISO 27001 (hands-on experience preferred, but solid understanding considered)
• Able to write clearly. documentation and policy writing will be a core part of the role from day one
• Organised and process-driven, comfortable bringing structure to something that doesn't have much yet
• An MSP or IT services background would be a strong advantage, understanding how a services business operates would be extremely beneficial for you.

We’re not looking for a pure auditor who only works within rigid frameworks, or someone who needs a fully built function to step into. Here, you'd be the person who defines what good looks like; with the backing of a leadership team that genuinely wants to invest in this function and grow it over time.