GRC Analyst

The Governance Risk and Compliance (GRC) Analyst is responsible for supporting the operational development and implementation of an effective enterprise-wide industry aligned GRC framework. We are looking for someone with a minimum of 2 years’ experience in similar roles and a demonstrable track record of delivering tangible outcomes in complex organizations.

As the GRC Analyst you will be familiar with industry standards in information security and be able to support the development of an approach to risk management, compliance and control implementation that balances the need for robust security with the need to allow the business to achieve its goals.

Navigating a complex environment, you should be comfortable collaborating with technical teams and coordinating with business stakeholders to articulate security requirements and drive a proactive security by design approach in support of enterprise projects.

If you have a positive mindset, can map risk to business value with a practical, adaptable, and innovative approach then this is the role for you!


  • Support the Head of GRC in designing, implementing, and maintaining all aspects of the Information Security Management System (ISMS) across the organisation working with key stakeholders such as IT Operations, Procurement, Legal, HR, Commercial, Marketing and Finance.
  • Conduct detailed risk assessments across a broad scope of enterprise systems, projects, and technologies. Drive risk remediation activities and produce actionable insights and reporting in support of the CIO and wider group initiatives.
  • Draft, review and maintain Information Security policies, standards, procedures, and guidelines to enhance the delivery of an embedded governance program.
  • Provide Information Security subject matter expertise in collaboration with cross-functional teams and external partners in support of enterprise projects.
  • Contribute to the development of security requirements, conduct assessments of the security controls environment, and provide practical recommendations for control implementation to drive assurance across enterprise projects.
  • Design, implement and maintain an effective training and awareness program to foster a positive security culture and embed security best practices. Generate creative solutions to drive engagement and awareness with measurable outputs.
  • Contribute to the development of a practical third-party risk management program using a scalable, measurable and automated approach.
  • Contribute to the evolution of GRC capabilities to ensure we continually mature and maintain a proactive posture. Support the management and maintenance all tooling for delivering GRC capabilities into the organisation.
  • Work closely with the wider Information Security function to unify approaches to delivery of our services, engagement, reporting and communication.


  • A solid understanding of information security practices, frameworks and cyber security controls, with the ability to translate into real world practical sustainable implementation.
  • Demonstrable experience in the areas of information security governance, risk management, compliance and audit.
  • Ability to simplify complex technical security risks to both technical and non-technical audiences.
  • Confident and engaging communicator with strong verbal, written and presentation communication skills.
  • Can work with multi-disciplinary teams and influence delivery and outcomes across all levels regardless of reporting lines.
  • Ability to prioritise complex evolving workloads and maintain an adaptable approach.
  • Comfortable identifying opportunities, influencing change and challenging in an appropriate manner at all levels.
  • Outcome focused and able to ‘think outside the box’ with a business value mindset.


  • A certification in any one or more of the following is desirable:
    • Certified in Risk and Information Systems (CRISC)
    • Certified Information Systems Auditor (CISA)
    • Certificate in Information Security Management Principles (CISMP)
    • CompTIA Security+

Lunik employees enjoy:

  • Hybrid working (3 days at home and 2 in the office)
  • Corporate pension plan
  • Free health insurance for the whole family
  • Free English and Spanish language classes
  • Free psychotherapy sessions
  • Gym membership subsidy
  • Free Life insurance
  • Flexible retribution
  • Fun socials – from weekly happy hour drinks to big seasonal events

Job Category: Information Security
Job Type: Full Time
Job Location: Malaga or Madrid