Governance, Risk, and Comp Security Analyst

Job Description

Job Description

Department: Enterprise IT

Reports To: Enterprise Security Manager

FLSA Status: Exempt

Location: Hybrid

Last Revised: May 2026

OVERVIEW

Following the merger of two industry leaders, we're strengthening our security function to match the ambition of the combined business. The Governance, Risk & Compliance (GRC) Security Analyst sits at the heart of this effort, delivering the assurance, evidence and documentation that give our security program its credibility. You'll join a growing team with a genuine opportunity to shape how GRC operates day to day - rather than inheriting an established playbook, you'll help write the new one.

Reporting to the Enterprise Security Manager, you'll lead the day-to-day delivery of client security assurance activities, strengthen Markmonitor's compliance posture across frameworks such as ISO 27001, SOC 2 and Cyber Essentials, and maintain the policies and GRC tooling that underpin our wider control environment. It's a role with real breadth and visibility, partnering with teams across the business to embed strong governance, risk and compliance practices at every level.

ESSENTIAL DUTIES & RESPONSIBILITIES (includes Other Duties as Required)

• Lead the response to client security questionnaires, RFPs and due-diligence requests, working with our third-party partner SecurityPal to produce initial drafts and then reviewing, refining and approving the final responses to ensure accuracy and quality.
• Support and help mature Markmonitor's compliance programs across frameworks such as (but not limited to) ISO 27001, SOC 2 and Cyber Essentials.
• Coordinate evidence gathering for internal and external audits, liaising with control owners across the business and ensuring artefacts are timely, complete and audit ready.
• Assist with third-party and vendor risk assessments, ensuring suppliers meet Markmonitor's security expectations before and during engagement.
• Help to implement, and then administer and continuously improve, our GRC SaaS platform, including control mappings, integrations, automated tests and remediation tracking.
• Support the lifecycle of Markmonitor's security policies and standards, drafting new policies, refreshing existing ones, and shepherding them through review and approval.
• Support the maintenance of the risk register, helping to identify, assess, track and report on information security risks across the business.
• Partner with engineering, IT, legal and people teams to embed security and compliance considerations into everyday ways of working.

POSITION REQUIREMENTS

• 2-4 years of hands-on experience in a GRC, information security, IT audit or compliance-focused role, ideally in a SaaS, technology or regulated environment.
• Solid working knowledge of at least one of ISO 27001, SOC 2 or Cyber Essentials, with genuine interest in developing depth across all three.
• Demonstrable experience responding to client security questionnaires and RFPs, and comfort reviewing and quality-checking vendor-generated draft responses.
• Familiarity with GRC tooling such as Vanta, Drata, OneTrust or similar, including configuring controls, evidence collection and continuous monitoring.
• Strong written communication skills, with the ability to explain technical security concepts clearly to non-technical stakeholders and customers.
• A pragmatic, risk-based mindset; able to balance security rigor with the realities of a fast-moving business.
• Highly organized, with the ability to manage multiple workstreams, deadlines and stakeholders without losing the detail.
• Comfortable working autonomously in a fully remote environment, while collaborating closely with a distributed security team and wider business.
• A relevant industry certification (or active progress towards one) such as ISO 27001 Lead Implementer/Auditor, CISA, CRISC, CC or Security+ is desirable but not essential.
• Above all, curiosity, a bias to action and genuine enthusiasm for helping to shape what good looks like in a newly merged, ambitious organization.

WORK HOURS

• Full-Time
• Standard business hours (Monday–Friday), with flexibility for non-standard hours to accommodate global operations and deadlines.

DISCLAIMER

This job description has been reviewed to ensure that only essential functions and basic duties have been included. Peripheral tasks, only incidentally related to the position, have been excluded. Requirements, skills, and abilities included have been determined to be the minimal standards required to successfully perform the position. In no instance, however, should the duties, responsibilities, and requirements delineated be interpreted as all-inclusive. Additional functions and requirements may be assigned by supervisors as deemed appropriate.