Security GRC Analyst @Employment Hero
All Others
Salary unspecified
Remote Location
Employment Type full-time
Posted YDay

[Hiring] Security GRC Analyst @Employment Hero

YDay - Employment Hero is hiring a remote Security GRC Analyst. 💸 Salary: unspecified 📍Location: APAC

Role Description

Employment Hero is seeking a Security GRC Analyst to join our Information Security department. In this build-centric and technical position, you will be responsible for engineering the integrations, tooling, and automation that power our GRC program. You will collaborate with our GRC Specialist (Audit) to ensure our compliance is continuous, verifiable, and automated, reducing manual effort across the board.

This role offers true ownership of our compliance automation from the start. You will transform control monitoring and evidence gathering into functional code while integrating the core systems that support our certifications. This is an ideal opportunity for an engineer with a compliance background, or a GRC expert who enjoys building, to scale automated security operations within a high-growth environment.

As a GRC Analyst, you will be involved in:

  • Audit & Compliance Operations
    • Build and extend our in-house GRC automation platform (Python services on cloud infrastructure) that automates evidence collection, control checks, compliance letters and lost-device handling.
    • Build and run LLM-based tooling that reviews controls for evidence gaps and routes them to the right owners.
    • Own the day-to-day maintenance of Vanta: keep controls current, collect evidence from stakeholders, and manage control statuses across our certification portfolio.
    • Support audit preparation across our ISO and SOC 2 programs: prepare documentation, track auditor requests, and keep audit cycles on schedule.
    • Coordinate evidence collection and follow-ups with internal teams so that nothing is missed.
    • Maintain and report on compliance posture (control health, overdue evidence, vendor review status) to the security team.
  • Risk & Vendor Support
    • Assist with risk assessments: document, track, and follow up on identified risks in our GRC tooling.
    • Support third-party and vendor risk processes: coordinate vendor questionnaires, track review status, and maintain vendor registers.
  • Policy & BAU
    • Help maintain and review information security policies: flag outdated content, track review cycles, and support updates where needed.
    • Assist with broader GRC BAU tasks as the team’s needs evolve.

Qualifications

  • A relevant degree or certification (e.g. CompTIA Security+, ISO 27001, ISO 27701, ISO 42001 Lead Auditor, Certified in Cybersecurity).
  • A background in constructing LLM-based solutions and the ability to execute end-to-end automation of manual workflows are highly valued assets.
  • 2 – 4 years in a GRC, compliance, or audit role (analyst, coordinator, or similar).
  • Experience working in a tech, SaaS, or scale-up environment.
  • Familiarity with Vanta or similar compliance automation tools (e.g. Drata, Tugboat Logic) is a strong plus.
  • A working understanding of frameworks like ISO 27001 or SOC 2. You do not need to be an expert, but you should know the basics.
  • Exposure to privacy or AI governance frameworks such as ISO 27701, 27018, or 42001.
  • Strong attention to detail and reliable follow-through. Organised and self-directed, able to manage multiple workstreams at once.
  • Clear communicator who is comfortable chasing stakeholders, asking questions, and keeping people accountable in a friendly but persistent way.
  • Eager to learn and open to feedback, with a genuine drive to grow in information security. The technical depth can be built; the mindset needs to be there.
  • A strong focus on continuous improvement, with a proven ability to challenge the status quo constructively.

Benefits

  • You will work remotely, with the flexibility to own your time and impact.
  • You will access cutting-edge tools to amplify your work, knowledge and outputs.
  • You’ll surround yourself with ambitious, outcome-driven colleagues who challenge you to do the best work of your life.
  • You’ll own ESOP (employee share options) in one of the world’s fastest-growing tech companies.
  • You’ll also have access to a wide range of benefits that includes:
    • A very generous parental leave policy.
    • Subsidised egg freezing (so you can make the choice that’s right for you, on your terms).
    • A WFH office expense budget.
    • Outstanding learning & development opportunities.
Before You Apply
Be aware of the location restriction for this remote position: APAC
Beware of scams! When applying for jobs, you should NEVER have to pay anything.