GRC Analyst (ISO 27001)
Our vision is to give everyone the belief they can make their move. We aim to make moving simpler, by giving everyone the best place to turn to and return to for access to the tools, expertise, trust, and belief to make it happen.
We’re home to the UK’s largest choice of properties and are the go-to destination for millions of people planning their next move, reading the latest industry news, or just browsing what’s on the market.
The role
We are seeking a proactive and detail-oriented GRC Analyst to join our Technology Risk team. This is a vital, hands-on role supporting the Head of Technology Risk and Delivery Assurance in executing our wider tech risk roadmap and maintaining a secure, compliant environment.
As a GRC Analyst, you will play a pivotal part in the day-to-day management of our compliance frameworks. A significant portion of your role will involve acting as the bridge between compliance mandates and our technical teams. You will be responsible for translating high-level governance and security frameworks into practical, actionable requirements that seamlessly embed into our product and engineering workflows. This is an excellent opportunity for a tech-savvy risk professional to help foster a culture where compliance enables, rather than hinders, our product development.
What you’ll be doing
- Compliance Control Management: Support the day-to-day administration, maintenance, and continuous improvement of our internal control framework and our ISO 27001-aligned Information Security Management System (ISMS).
- Engineering Translation: Act as a crucial liaison between compliance functions and technology teams. Translate governance, risk, and compliance requirements into clear technical specifications, user stories, and actionable tickets for engineering.
- Risk Assessments & Audits: Act as a key filter for our internal and external audits, identify vulnerabilities, and collaborate with technical teams to implement appropriate controls.
- Delivery Support: Support the broader Technology Risk strategy by helping to roll out new frameworks, track metrics, and embed automated compliance practices into team workflows.
- Process Integration: Work closely with engineering to integrate security obligations into their existing ways of working (e.g., within Agile/Jira workflows), ensuring a frictionless approach to GRC.
- System Resilience: Assist in performing security due diligence on third-party suppliers, software, and technical partners, and in carrying out business continuity actions to support monitoring systems.
We’re looking for someone with
- Framework Expertise: Strong, demonstrable familiarity with security compliance standards (ISO 27001 preferable, but not exclusive), including a practical understanding of controls, risk treatments, and evidence gathering.
- Technical Fluency: A solid understanding of modern technology teams and development processes, giving you the ability to effectively translate complex compliance risks into a language developers understand.
- Pragmatic Mindset: A problem-solving approach to risk management, with the ability to balance robust security requirements against the need for efficient product delivery.
- Collaboration and Communication: Exceptional interpersonal skills, with the ability to collaborate seamlessly across both technical teams and compliance/legal functions.
- Process Focus: The ability to understand technical workflows and help design compliance processes that enhance, rather than disrupt, team efficiency.
What you’ll bring to the role
- Demonstrable experience (typically 2-4 years) working in a Governance, Risk, and Compliance (GRC) or Information Security role.
- Hands-on experience with the practical application and maintenance of ISO 27001 within a corporate environment.
- A big plus: Previous experience in a technical role (e.g. systems administration, software engineering) or extensive experience working directly alongside engineering teams.
- Familiarity with Agile tracking tools (such as Jira) and an understanding of how to embed GRC requirements into development backlogs.
- A proactive, results-oriented attitude with a passion for building a strong security culture within dynamic technology teams.
About Rightmove
Despite this growth, we’ve remained a friendly, supportive place to work, with employee #1 still working here! We’ve done this by placing the Rightmove Hows at the heart of everything we do. These are the essential values that reflect our culture, and include:
- We create value…by delivering results and building trust with partners and consumers.
- We think bigger…by acting with curiosity and setting bold aspirations.
- We care deeply…by being real, having fun, and valuing diversity.
- We move together…by being one team - internally collaborative, externally competitive.
- We make a difference…by focusing on delivering measurable impact.
We believe in careers that open doors and help our team develop by providing an open and inclusive work environment, offering ongoing training opportunities, and supporting charity fundraising events. And with 88% of Rightmovers saying we’re a great place to work, we’re clearly doing something right!
If all of this has caught your eye, you may well be a Rightmover in the making...
People are the foundation of Rightmove - We’ll help you build a career on it.
What we offer
- Cash plan for dental, optical and physio treatments.
- Private Medical Insurance, Pension and Life Insurance, Employee Assistance Plan.
- 27 days holiday plus two (paid) volunteering days a year to give back, and holiday buy schemes.
- Hybrid working pattern with 2 days in the office.
- Contributory stakeholder pension.
- Life assurance at 4x your basic salary to a spouse, family member or other nominated person in your life.
- Competitive compensation package.
- Paid leave for maternity, paternity, adoption & fertility.
- Travel Loans, Bike to Work scheme, Rental Deposit Loan.
- Charitable contributions through Payroll Giving and donation matching.
- Access deals and discounts on things like travel, electronics, fashion, gym memberships, cinema discounts and more.
As an Equal Opportunity Employer, Rightmove will never discriminate based on age, disability, sex, race, religion or belief, gender reassignment, marriage / civil partnership, pregnancy/maternity or sexual orientation.
At Rightmove, we believe that a diverse and inclusive workforce leads to better innovation, productivity, and overall success. We are committed to creating a welcoming and inclusive environment for all employees, regardless of their background or identity, to develop and promote a diverse culture that reflects the communities we serve.
By applying, you confirm that you are aged 18 or over and that you’ve read and understood our Privacy Policy, which explains how we handle and protect your personal information during the recruitment process.

