The Role This role is part of the Group Governance, Risk & Compliance function and supports the Group Head of Governance, Risk & Compliance and Group Data Protection Officer by helping to operate, evidence, monitor and improve the Group Integrated Management System and associated governance, risk, compliance and assurance activities. As Governance, Risk & Compliance Analyst, you will provide hands‑on support across the Group GRC function, helping to maintain governance records, coordinate assurance activity, support internal and external audits, assist with risk and supplier assessments, and maintain evidence that demonstrates compliance with Ekco's management system and customer assurance obligations. The role is suited to someone with a developing understanding of governance, risk, compliance, information security or management system standards, who is able to work accurately, follow structured processes and support stakeholders across different regions and business functions. Experience with ISO/IEC 27001 is strongly desirable, with exposure to ISO 9001, ISO 14001, ISO/IEC 20000‑1, ISO 22301, ISO/IEC 27701, ISO/IEC 42001 or related assurance frameworks being beneficial. Responsibilities Integrated Management System Support Maintain IMS records, registers, action trackers and evidence repositories in line with GRC processes. Support the preparation of IMS Audit & Risk Committee materials, including action updates, meeting packs, evidence requests and follow‑up tracking. Assist with the IMS management review process by coordinating inputs, collating evidence and maintaining supporting records. Support continual improvement activity by tracking improvement actions, maintaining status updates and helping stakeholders provide clear progress evidence. Assist with policy and process administration, including version control, review scheduling, publication support and stakeholder feedback tracking. Risk Management Support Assist with risk assessments across governance, compliance, information security, service management, business continuity, environmental and quality areas. Maintain risk register updates, review reminders, action tracking and supporting evidence under the direction of the Senior GRC Analyst or Group Head of GRC. Support business stakeholders in documenting risks, controls, treatment actions and review updates clearly and consistently. Prepare routine risk reports, dashboards and summaries for review by the GRC team. Help identify incomplete, overdue or unclear risk records and escalate these for follow‑up. Audit, Assurance and Certification Support Support internal audit planning, scheduling, evidence gathering, note taking and audit report preparation. Assist with external audit and certification activities by coordinating evidence requests and maintaining audit trackers. Track audit findings, opportunities for improvement, corrective actions and remediation evidence. Support customer assurance requests, tender responses and due diligence questionnaires by gathering approved information and evidence from controlled sources. Maintain accurate records of assurance responses, evidence used and follow‑up actions. Supplier Governance and Compliance Support Assist with supplier due diligence assessments, annual supplier reviews and supplier risk records. Collect and review supplier assurance documents, including certifications, security summaries, privacy documentation and contractual evidence. Maintain supplier governance records and escalate incomplete, inconsistent or higher risk submissions for review. Support the preparation of supplier review summaries and risk commentary for approval by senior GRC colleagues. Assist in monitoring changes in supplier assurance status, documentation expiry dates and recurring review requirements. Reporting, Training and Awareness Prepare draft reports, summaries and metrics for GRC activities, including risk, audit, assurance, supplier governance and IMS performance. Support the development and maintenance of training and awareness materials for governance, risk and compliance topics. Help promote a culture of risk awareness, accountability and compliance across the organisation. Maintain clear, accurate and auditable working records in Microsoft 365, Teams and SharePoint. Work collaboratively with stakeholders across regions and functions to obtain information, clarify actions and support timely completion of GRC activities. Requirements Skills and Abilities Professional English written and verbal communication skills. Strong attention to detail and the ability to maintain accurate records. Ability to follow structured processes and work through tasks to completion. Good organisational skills and ability to manage multiple activities and deadlines. Ability to work independently while knowing when to elevate questions, risks or blockers. Collaborative approach and ability to work with stakeholders across different teams and regions. Good working knowledge of Microsoft Office, Teams and SharePoint and related collaboration tools. Willingness to learn quickly and develop technical knowledge in governance, risk and compliance. Knowledge and Experience Experience in governance, risk, compliance, audit, information security, service management, supplier governance or a related control environment. Awareness of ISO/IEC 27001 or information security management system requirements. Exposure to ISO 9001, ISO 14001, ISO/IEC 20000‑1, ISO 22301, NEN 7510, SOC 2, ISAE 3402 or similar frameworks is beneficial. Experience supporting audits, evidence gathering, risk assessments, supplier reviews or customer assurance activities is desirable. A relevant qualification or willingness to work towards one in GRC, audit, information security, data protection or management systems would be beneficial. Benefits / Perks Birthday Leave: One extra day off to celebrate. Company Pension Scheme. EkcOlympics: Global team activity challenges. Unlimited access to Pluralsight for continuous development. Real opportunities to grow, including international progression. #J-18808-Ljbffr