IT and Cyber Risk GRC Analyst

IT & Cyber Risk GRC Analyst

We’re looking for an IT & Cyber Risk GRC Analyst to support and enhance our Information Security Governance, Risk & Compliance (GRC) function. This role is ideal for someone with experience in IT risk, cyber governance, compliance frameworks, and third-party risk management who enjoys working cross-functionally to strengthen organisational security posture. You’ll collaborate closely with IT, Cyber Security, Risk, and Business stakeholders to ensure risks are identified, controls are effective, and compliance obligations are consistently met.

Responsibilities:Governance, Risk & Compliance

• Maintain and enhance the Information Security GRC framework
• Support development and updates of security policies, standards, and procedures
• Define security requirements for projects, RFPs, and new technologies
• Prepare for and support internal and external audits, tracking remediation activities
• Contribute to governance reviews, risk committee reporting, and management dashboards

IT & Cyber Risk Management

• Conduct IT and cyber risk assessments across systems, applications, and business processes
• Identify control gaps, recommend remediation actions, and track issues to closure
• Ensure alignment with recognised frameworks including:
• ISO 27001
• NIST Cyber Security Framework (CSF)
• PCI DSS
• Maintain and manage the IT risk register, including risk identification, scoring, and mitigation tracking
• Perform control effectiveness testing and ongoing risk monitoring
• Support incident management activities from a risk and governance perspective
• Promote a strong security awareness and risk culture across the organisation

Third-Party & Project Security

• Conduct third-party security risk assessments and vendor reviews
• Perform onsite or remote supplier security assessments where required
• Provide security governance input into IT projects, transformation initiatives, and system rollouts
• Collaborate with Project Managers, Solution Architects, and technical teams to embed security requirements

Operational & Reporting Support

• Maintain audit evidence, risk documentation, and compliance artefacts
• Produce risk reports, dashboards, and metrics for leadership and governance forums
• Support security awareness initiatives, including phishing simulations and follow-up analysis
• Monitor compliance with internal security standards and escalate gaps as required

What You’ll Bring

• Strong understanding of information security principles, governance, and risk management frameworks
• Experience conducting IT risk assessments, control testing, or cyber governance activities
• Ability to identify risks and define practical, risk-based control measures
• Experience working within regulated or compliance-driven environments
• Strong analytical, problem-solving, and reporting skills
• Excellent written and verbal communication skills
• Ability to manage workload independently while collaborating across multiple stakeholders
• High integrity and experience handling confidential and sensitive information

Qualifications and Certifications:

• Third-level qualification in Information Security, IT, or a related field, or equivalent experience

Certifications such as:

• ISO 27001 (Lead Implementer / Lead Auditor)
• CISSP
• CISM
• CRISC
• Security+

Apply now or email your CV to shane.doolin@realtime.jobs

Must be based in Ireland holding Stamp 4, EU, Irish Passport – No Sponsorship supported