Rex Cyber Solutions
Website: rexcybersolutions.com
Role Overview
We are looking for a driven and detail-oriented Junior GRC Analyst to join our Information Security team. This role goes beyond traditional compliance work — we expect you to own your deliverables, engage proactively with stakeholders, write with exceptional clarity, and continuously find smarter, faster ways to get things done using AI and automation. If you thrive on turning complex security and compliance requirements into well-crafted policies and scalable processes, this role is for you.
Key Responsibilities
1. ISO 27001 Implementation & Compliance
▸ Support end-to-end ISO/IEC 27001 ISMS implementation, including scoping, gap assessments, risk treatment, and control mapping.
▸ Own and manage GRC deliverables such as Statement of Applicability (SoA), risk registers, and control evidence trackers.
▸ Actively participate in internal and external audits — preparing evidence packs, coordinating with auditees, and tracking Non-Conformities (NCs) to closure.
▸ Monitor the implementation roadmap, track milestones, and flag risks or delays to the GRC Manager proactively.
▸ Maintain audit readiness at all times by ensuring controls are evidenced, updated, and properly documented.
2. Policy Development & Documentation Excellence
▸ Draft, review, and revise information security policies, procedures, standards, and guidelines with a strong emphasis on clarity and readability.
▸ Translate technical security requirements into precise, jargon-free language that is easily understood by non-technical audiences, including leadership and end users.
▸ Coordinate policy reviews on a defined cycle — collecting inputs from technical teams, security operations, and management — and ensure timely sign-off.
▸ Maintain a well-structured policy library with version control, ownership tracking, and an annual review calendar.
▸ Benchmark existing policies against ISO 27001, ISO 27701, NIST CSF, and SOC 2 requirements, and identify gaps proactively.
▸ Work closely with Security, IT, Legal, and Management stakeholders to produce policies that are both compliant and operationally practical.
3. Stakeholder Collaboration & Cross-Functional Engagement
▸ Act as a bridge between the security team, technical teams, and management — translating compliance requirements into actionable tasks and meaningful outcomes.
▸ Prepare and present compliance status reports, risk summaries, and policy updates to management in a clear, concise format.
▸ Work with technical teams to validate security controls, collect evidence, and ensure implementation aligns with policy intent.
▸ Engage with external auditors, certification bodies, and third-party assessors as required, representing Rex Cyber's GRC posture confidently.
4. AI-Augmented Work & Process Improvement
▸ Leverage AI tools (such as LLMs, Copilot, or equivalent) to accelerate documentation, policy drafting, audit preparation, and reporting workflows.
▸ Proactively identify manual, repetitive GRC processes and design automation or semi-automation solutions to reduce turnaround time.
▸ Build and improve internal GRC workflows within Rex Cyber's proprietary GRC tool — suggesting enhancements and documenting process improvements.
▸ Bring new ideas, templates, and value-add initiatives to the team — you are not expected to wait to be asked; you are expected to drive improvement independently.
▸ Stay current on AI developments relevant to GRC — evaluate, adopt, and champion tools that meaningfully improve team productivity and output quality.
Qualifications & Certifications
Mandatory
▸ ISO/IEC 27001 Lead Implementer or Lead Auditor certification (valid, from an accredited body such as PECB, BSI, or equivalent).
▸ 1–2 years of hands-on experience in GRC, information security, or a related compliance function.
▸ Demonstrated experience in ISO 27001 project delivery — not just awareness, but active contribution to implementation or audit activities.
Strongly Preferred
▸ Working knowledge of ISO 27701 (Privacy Information Management), NIST Cybersecurity Framework, and/or SOC 2 Trust Service Criteria.
▸ Familiarity with risk assessment methodologies (asset-based, scenario-based) and risk treatment processes.
▸ Experience using AI tools in a professional capacity for content generation, analysis, or workflow automation.
▸ Exposure to a GRC platform or tool (any — commercial or proprietary) is an advantage.
Skills & Competencies
Technical Skills
- ISO 27001 ISMS implementation & auditing
- Policy and procedure drafting
- Risk assessment & treatment
- Audit evidence management
- Framework mapping (27701, NIST CSF, SOC 2)
- AI & automation tool usage
Behavioural Competencies
- Exceptional written communication & documentation clarity
- Proactive ownership & initiative-taking mindset
- Collaborative stakeholder engagement
- Analytical and structured thinking
- Ability to simplify complex ideas for varied audiences
- Self-directed learner and continuous improvement advocate
What Sets You Apart
Beyond qualifications, we are looking for someone who embodies the following:
▸ Documentation first: You write beautifully.
– Every policy, report, or email you produce is clear, structured, and professional — with zero ambiguity for the reader.
▸ Proactive by default: You don't wait to be told.
– You identify gaps, suggest improvements, and raise issues before they become problems.
▸ AI-native mindset: You use AI as a force multiplier.
– You actively experiment with AI tools, build prompts that work, and apply them to real GRC tasks — not as a novelty, but as a standard working practice.
▸ Process builder: You build, not just maintain.
– Whether it's a new tracker, a smarter workflow, or a policy template that saves the team 3 hours — you create things that outlast a task.
What We Offer
▸ A remote-first, flexible work culture built around outcomes, not hours.
▸ Direct exposure to senior GRC leadership and the full lifecycle of ISO 27001 certification projects.
▸ Freedom to experiment, automate, and bring new ideas — your initiative is celebrated, not sidelined.
▸ A fast-growing cybersecurity environment where your work creates real, visible impact.
▸ Opportunities to expand into ISO 27701, NIST CSF, SOC 2, and other frameworks as the team grows.