Avalere

Information Security – GRC Analyst

full-time

Location Type: Remote

Location: United Kingdom


About the role

  • Support the InfoSec GRC Lead in operating and improving the organization’s governance, risk, and compliance program
  • Review client MSAs and related security requirements
  • Support internal and client audits
  • Drive risk and exception management workflows
  • Support supplier/third-party security reviews
  • Maintain documentation and evidence for ISO/IEC 27001 & ISO/IEC 42001
  • Support continual improvement activities
  • Extract and document security requirements from client MSAs
  • Identify gaps and risks; coordinate with Legal and Privacy teams
  • Collect evidence for audit requests; ensure traceability between requirements, controls, and evidence
  • Maintain risk registers and support exception workflows
  • Assess third-party security submissions; track supplier risk ratings and remediation actions
  • Map regulatory requirements (HIPAA, GDPR, APPI) to internal controls
  • Produce operational reports on audit status/risk metrics
  • Contribute to process improvements

Requirements

  • Exceptional attention to detail
  • Strong written communication skills
  • Professional discretion handling sensitive information
  • Foundational understanding of information security concepts (access control, encryption, incident response)
  • Exposure or interest in ISO/IEC 27001 or AI governance frameworks (ISO/IEC 42001)
  • Experience supporting audits, vendor risk reviews or privacy compliance is advantageous
  • Familiarity with GRC/ticketing/documentation platforms (e.g., ServiceNow/Jira)
  • Suitable for junior candidates (1–3 years) in security, IT, risk, compliance, audit, or related fields, or equivalent demonstrated capability
  • Bachelor’s degree in Information Security, IT, Risk Management, Compliance, or similar is beneficial but not required for candidates with relevant experience
  • Minimum requirement: Candidate must hold or be able to achieve the ISC2 Certified in Cybersecurity (CC) certification within an agreed onboarding period (company-supported)

Benefits

  • Up to a 7% pension contribution
  • Life insurance
  • Income protection
  • Private medical insurance
  • Flexible working arrangements
  • Option to work from anywhere for two weeks each year
  • 25 days of annual leave plus two personal well-being days
  • Gifted end-of-year holidays
  • Early Summer Friday finish in June, July, and August
  • Free counselling through employee assistance program
  • Personalized health support
  • Enhanced maternity, paternity, family leave, and fertility policies
  • On-demand support from Peppy
  • Continuous opportunities for professional development
  • On-demand training
  • Global mobility opportunities

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
information security concepts, access control, encryption, incident response, ISO/IEC 27001, ISO/IEC 42001, audit support, vendor risk reviews, privacy compliance, risk management
Soft Skills
attention to detail, written communication, professional discretion
Certifications
ISC2 Certified in Cybersecurity (CC)