Junior GRC Analyst (12-Month FTC)

Role Purpose

To support the Information Security & Privacy team in managing IT risk, ensuring regulatory compliance (including NIS2, GDPR, and AI regulations), and maintaining a robust third-party governance framework.

Core Responsibilities

• Third-Party & Supplier Risk: Maintain and mature the third-party governance framework, review assessment questionnaires (DPIAs), and coordinate with business owners for onsite audits.
• Risk Management: Manage the execution of the Risk Working Committee (RWC); ensure IT risks are captured, logged, and mitigated through stakeholder engagement.
• Security Awareness: Lead the day-to-day execution of phishing campaigns, corrective actions, and employee security training and announcements.
• Incident & Compliance: Manage daily incident reporting for IT risks and GDPR breach notifications. Support the wider team during active security incidents.
• Audit & Controls: Execute scheduled governance reviews, assist with audits, and review documentation to ensure compliance with security policies.
• Advisory & Admin: Provide security and data protection advice for internal projects and manage daily administrative tasks, including the GRC mailbox and MI reporting.

Key Requirements

• Experience: Previous exposure to GRC, IT Audit, or Data Protection.
• Regulatory Knowledge: Familiarity with GDPR, NIS2, and evolving AI compliance standards.
• Skills: Ability to maintain policies/procedures, produce management information (MI), and track risk registers.
• Attributes: Highly organized with the ability to manage multiple operational "day-to-day" streams effectively.

Working Pattern

• Hybrid: A balanced split between the Cork office and remote work.