Senior GRC Analyst (12 Month Fixed Term)

Rimes provides enterprise data management solutions to the global investment community. Driven by our passion for solving the most complex data problems, we provide our clients with investment intelligence that powers more than US$75 trillion in assets under management annually. The world’s leading institutional investors, asset managers and service providers rely on Rimes to help them make better investment decisions using accurate information and industry-leading technology.

This Senior GRC Analyst position provides 12 months of maternity leave cover and plays a pivotal role in strengthening our governance, risk, and compliance capabilities. The role will lead the organisation’s efforts to achieve ISO 27001 certification within the next 12 months and drive continued maturity across our security and compliance programmes

The Senior GRC Analyst shapes and maintains our security governance programme, oversees risk and compliance activities, and acts as a key advisor across the business. The role partners closely with IT, legal, and operational stakeholders to strengthen security controls, improve compliance maturity, and embed a strong culture of accountability. 

• →Lead the development and maintenance of cybersecurity policies, standards, and procedures aligned with frameworks such as ISO 27001, NIST, SOC 2, CIS, HIPAA, and GDPR. 
• →Drive ISO 27001 readiness activities, including ISMS support, evidence collection, remediation tracking, and audit coordination. 
• →Conduct risk assessments across systems, processes, and third parties, ensuring identified issues are prioritised and resolved. 
• →Serve as the primary contact for external auditors and internal stakeholders during security and compliance assessments. 
• →Lead control design, testing, and continuous monitoring, ensuring audit and certification evidence is accurate and complete. 
• →Oversee GRC tools and reporting dashboards, providing leadership with actionable insights on compliance and risk posture. 
• →Support security awareness efforts with risk-based guidance and training content. 
• →Collaborate across business and technology teams to integrate security and risk considerations into new projects and vendor engagements. 
• →Contribute to business continuity and disaster recovery activities from a compliance and risk perspective. 
• →Monitor regulatory and standards developments and advise on required organisational changes. 

• Experienced in buy-side and sell-side due diligence, customer security questionnaires, and vendor risk assessments. 
• Strong working knowledge of frameworks such as ISO 27001, NIST CSF, CIS Controls, and SOC 2. 
• Skilled in developing cybersecurity policies, standards, and control requirements. 
• Experienced with operational risk methodologies and control assurance. 
• Comfortable with GRC platforms and workflow/ticketing tools. 
• Analytical, detail-oriented, and capable of producing clear, audit-ready documentation. 
• Excellent communicator able to simplify complex topics for non-technical audiences and influence stakeholders. 
• Strong multitasker with the ability to lead parallel initiatives and work collaboratively. 
• Proactive and committed to staying current on security trends, compliance standards, and emerging risks. 
• Certifications for ISO 27001 (Lead Implementer/Auditor), would be required. 

Compensation: Competitive pay and bonus eligibility 

Work Life Balance: Flexible hybrid work environment