About The Role

Talenza are partnering with a national heavy goods organisation to engage a Cyber GRC Analyst on an initial 12-month contract. You'll embed within the Cyber GRC team and provide practical, day-to-day support across governance, risk and compliance activities.

This engagement is heavily focused on helping business units adopt and apply an existing cyber security policy suite, supporting security awareness and training delivery, and assisting with audit preparation and remediation tracking. It's well suited to a GRC practitioner who's confident engaging with stakeholders and enjoys translating policy obligations into pragmatic controls and processes.

Skills (Requirements)

• Strong GRC fundamentals across governance, risk, compliance, and control frameworks
• Demonstrated experience supporting cyber security policy adoption across business units
• Experience supporting or delivering security awareness and training programmes (incl. campaign/content coordination)
• Audit support experience: evidence gathering, coordination, findings tracking, and remediation follow through
• Strong stakeholder engagement skills across IT and non-IT teams (clear, practical communication)
• Ability to work independently, manage competing priorities, and contribute within a team environment
• Working knowledge of ISO 27001 and/or Essential Eight

Desirables

• Tertiary qualification in Cyber Security, IT, Risk, or a related discipline
• Relevant certifications (e.g., CISM, CRISC, CISA or equivalent)
• Experience in large enterprise and/or regulated environments
• Exposure to GRC platforms and risk register tooling
• Additional experience supporting third-party / supplier risk activities

Role Responsibilities

• Support business units to understand and apply the cyber security policy suite in day-to-day operations
• Assist with policy exception management and tracking
• Identify and document gaps between current practice and policy requirements
• Help translate policy obligations into practical controls, processes and artefacts
• Support security awareness and training delivery across multiple jurisdictions (coordination, tracking, reporting)
• Track completion and compliance with mandatory training requirements; coordinate sessions with stakeholders and L&D
• Assist with internal/external audits: evidence collection, coordination, and audit readiness activities
• Maintain remediation registers, track findings, and support business units through remediation actions
• Contribute to risk assessment activities (documentation, coordination, tracking) and GRC reporting/metrics
• Support third-party/supplier risk assessments as required, plus additional GRC project work as prioritised