Website: scriptassist.co.uk
Job details: Gujarat · Hybrid · Full-time
Script Assist is building the operating system for next-generation private healthcare in the UK.
We already support tens of thousands of medical cannabis prescriptions every month through a live healthcare SaaS platform used by clinics, doctors, pharmacies and operational teams.
The platform supports prescribing, dispensing, pharmacy workflows, patient operations, records, payments, audit trails and regulated healthcare processes.
This is not generic back-office software. It is live healthcare infrastructure operating in a regulated environment where information security, data protection, evidence, controls and operational discipline genuinely matter.
As Script Assist grows, we are strengthening our foundations across:
- ISO 27001
- ISMS documentation
- information security compliance
- GRC
- audit evidence
- policies and SOPs
- risk registers
- control tracking
- GDPR and data protection documentation
- Cyber Essentials support
- regulated healthcare operations
We are looking for a sharp, organised and detail-driven GRC Analyst to help keep this compliance machine moving.
The role
This is a hands-on GRC / ISO 27001 / information security compliance role.
You will help maintain the documentation, trackers, evidence, follow-ups and control records that support our compliance framework.
This is a strong opportunity for someone who has worked in:
- GRC
- compliance
- information security compliance
- ISO 27001 support
- ISMS documentation
- audit support
- internal audit
- risk and compliance
- policy and SOP management
- regulated operations
You do not need to have independently led ISO 27001 certification.
You do not need to be a GDPR lawyer or privacy specialist.
You do need to be organised, careful, reliable and comfortable keeping compliance evidence and documentation under control.
What you’ll do
You will support:
- ISO 27001 readiness and ISMS maintenance
- compliance trackers and control follow-ups
- audit evidence collection
- policy and SOP management
- risk registers and risk treatment tracking
- internal compliance reporting
- evidence repositories
- control owner follow-ups
- Cyber Essentials or security compliance support where needed
- GDPR and data protection documentation
- DPIAs, RoPA, DSAR logs, incident logs or processor records where required
- internal compliance packs for leadership and technical teams
You will work with internal teams across technology, operations, product and leadership to make sure compliance actions are tracked, evidenced and followed through properly.
This is a practical operating role. You will be helping to make sure that nothing gets missed, forgotten, undocumented or left unmanaged.
What we’re looking for
We are looking for someone with:
- 2+ years’ experience in GRC, compliance, audit, ISO 27001 support, information security compliance, risk, governance or regulated operations
- exposure to ISO 27001, ISMS, audit readiness, control tracking or evidence collection
- experience working with policies, SOPs, risk registers, audit evidence, compliance trackers or control documentation
- strong documentation skills
- strong attention to detail
- good written English
- a structured and dependable working style
- confidence chasing internal teams for updates and evidence
- interest in healthcare SaaS, information security, ISO 27001, GRC and data protection
- ability to work in a Gujarat-based hybrid role
Helpful experience
Helpful experience includes:
- ISO 27001 evidence collection
- ISMS documentation
- internal audit support
- external audit preparation
- risk registers
- policy review
- SOP management
- control testing
- control tracking
- audit evidence repositories
- compliance dashboards or trackers
- information security compliance
- Cyber Essentials support
- GDPR / UK GDPR documentation
- DPIAs
- RoPA
- DSAR logs
- incident logs
- breach logs
- vendor or processor records
- SaaS, healthcare, fintech or regulated business experience
You do not need to have all of these. The most important thing is that you are organised, careful, clear and comfortable managing compliance evidence and follow-ups.
This role is likely a good fit if you have worked as a:
- GRC Analyst
- Compliance Analyst
- Compliance Executive
- Information Security Compliance Analyst
- ISO 27001 Analyst
- ISMS Coordinator
- Risk and Compliance Analyst
- Governance Analyst
- Audit Associate
- Internal Audit Executive
- Security Compliance Executive
- Quality or Compliance Executive in a regulated business
This role is probably not a fit if you want:
- a senior Compliance Manager role
- a legal counsel role
- a DPO role
- a pure HR compliance role
- a pure finance compliance role
- a purely technical cybersecurity role
- a role with no documentation, trackers or evidence management
- a role where you are not expected to chase people and keep details organised
Why join Script Assist?
This is a chance to build serious GRC experience inside a fast-growing healthcare technology company.
You will get exposure to:
- healthcare SaaS
- medical cannabis operations
- ISO 27001
- information security compliance
- GDPR and data protection
- regulated healthcare workflows
- audit readiness
- operational controls
- real compliance foundations inside a scaling business
If you are early in your compliance career and want a role where your organisation, documentation and follow-through genuinely matter, this is a strong opportunity.