Morgan McKinley

GRC Analyst - IT & Risk

Posted: 1 minute ago

Job Description

About the job

My client is looking for a GRC Analyst with a focus on IT & Risk. A minimum of 3 years experience is required to join their organisation based in Cork. This is a permanent role.

Key Responsibilities

GRC Transformation & Governance

  • Develop, implement, and maintain the organisation's Governance, Risk & Compliance (GRC) framework.
  • Create and update supporting policies, standards, procedures, and technologies.
  • Define security requirements for RFPs and act as a security consultant across business and IT projects.
  • Support internal and external audits, ensuring evidence is collected and remediation is tracked.
  • Execute scheduled governance reviews, controls assessments, and compliance checks.

Third Party & Supplier Risk

  • Maintain and mature the third-party risk governance framework.
  • Conduct and coordinate onsite audits with business owners and suppliers.
  • Assess vendor security and IT risks, reviewing third-party security questionnaires, DPIAs, and compliance documents.
  • Manage day-to-day supplier risk activities and support ongoing monitoring efforts.

Cyber & IT Risk Management

  • Conduct technical and procedural assessments of systems and business processes, with full reporting and remediation tracking.
  • Define IT and Cyber Security controls for new transformation initiatives.
  • Support the management of the IT risk register, including exposure analysis and risk mitigation activities.
  • Oversee incident reporting for IT risk and GDPR-related notifications.
  • Promote strong security awareness and risk culture across the organisation.

Security Awareness & Operational Support

  • Manage phishing awareness campaigns, employee training, and corrective actions.
  • Support internal communications, security announcements, and awareness initiatives.
  • Contribute to security incident support activities with the Information Security team.
  • Provide GRC advice to business units, including support for data protection and compliance projects.
  • Produce regular reporting, dashboards, and management information.
  • Maintain Security & Privacy policies and procedures.

Essential Qualifications

  • Security/privacy certification such as IAPP, CDPP, CIPP, CISSP, or a relevant third-level qualification or equivalent industry experience.

Essential Skills & Experience

  • Strong understanding of security and data protection regulations, directives, and standards.
  • Experience with IT controls, risk assessments, and data protection obligations.
  • Exposure to frameworks such as NIS, AI governance, GDPR, ISO 27001, PCI DSS, NIST, or similar.
  • Ability to manage internal stakeholder relationships and engage with regulatory bodies.
  • High ethical standards with the ability to remain impartial and handle sensitive information.
  • Strong analytical, diagnostic, and problem-solving skills.
  • Proven ability to work collaboratively within a team environment.
  • Organised, resilient, and capable of managing workloads effectively.
  • Strong communication skills, including written and verbal presentations and training delivery.

Desirable Skills

  • 4+ years of relevant experience in GRC, information security, cyber risk, or regulatory compliance.
  • Experience in retail, FMCG, grocery, financial, or regulated industries.
  • Background in legal, insurance, or regulatory advisory work.
