Senior Governance Risk and Compliance Analyst
About Ekco
🚀 Founded in 2016, Ekco has quickly become one of Europe’s fastest-growing cloud solution providers and your trusted security-first Managed Service Provider.
IT leaders choose Ekco to drive operational efficiency, scale smarter and stay ahead of risk – powered by local expertise, delivered at European scale.
We specialise in helping organisations advance their cloud maturity: guiding transformation, strengthening security, and maximising the value of their technology investments.
☁️ In simple terms: we help organisations modernise with confidence, securing their systems, optimising their cloud, and keeping them resilient in a rapidly changing world.
🌍 Today, we’re a thriving team of 1,000+ talented and supportive colleagues across the UK, Ireland, Benelux, South Africa, and Malaysia—and we’re continuing to grow.
At Ekco, how we work matters as much as what we deliver. Our people live by four core values that shape everything we do:
On It: We take ownership, follow through, and get things done.
All In: We collaborate, support each other, and commit fully to shared goals.
Connected: We build trusted relationships with colleagues, clients, and partners.
Hungry to Grow: We stay curious, keep learning, and push ourselves to the next level.
🏠 If these values resonate with you, you’ll feel right at home here.
The Role
This role is part of the Group Governance, Risk & Compliance function and supports the Group Head of Governance, Risk & Compliance and Group Data Protection Officer by helping to operate, evidence, monitor and improve the Group Integrated Management System and associated governance, risk, compliance and assurance activities.
As Senior Governance, Risk & Compliance Analyst, you will act as a senior operational lead within the Group GRC function, coordinating core elements of the Integrated Management System, enterprise risk management, audit readiness, supplier governance, customer assurance and compliance reporting. The role provides delegated support to the Group Head of GRC by converting governance requirements into practical workplans, maintaining momentum across stakeholders and ensuring that records, evidence, actions and reports are accurate, timely and suitable for senior review.
The Senior GRC Analyst is expected to operate with a high degree of autonomy, provide guidance to GRC Analysts and business stakeholders, and help ensure that the Group GRC function can maintain effective oversight across multiple standards, regions and business functions. Strong knowledge of ISO/IEC 27001 is essential, with demonstrable experience in one or more additional management system or assurance frameworks such as ISO 9001, ISO 14001, ISO/IEC 20000-1, ISO 22301, ISO/IEC 27701, ISO/IEC 42001, NEN 7510, SOC 2 or ISAE 3402 being highly desirable.
This role supports data protection governance where it intersects with IMS, risk management, supplier governance, assurance and reporting.
Responsibilities:
Integrated Management System Coordination
Coordinate day-to-day operation of the Group IMS across ISMS, SMS, EMS, BCMS, AIMS, PIMS and QMS activities under the direction of the Group Head of GRC.
Maintain and improve IMS governance records, action trackers, policy review schedules, evidence repositories and management review inputs.
Lead preparation of IMS Audit & Risk Committee materials, including agenda inputs, performance updates, action status, risk summaries and evidence packs.
Support the Group Head of GRC in translating IMS objectives, audit outcomes and management review decisions into practical actions and follow-up plans.
Monitor the status of IMS actions, findings, objectives and continual improvement items, escalating delays, dependencies and risks where required.
Enterprise Risk Management
Coordinate the operation of the enterprise risk management process, including risk identification, assessment, treatment, review and reporting.
Support business and operational leaders in documenting risks, controls, treatments, owners and review updates in line with the risk management framework.
Review risk records for quality, completeness and consistency before escalation to the Group Head of GRC or relevant governance forums.
Prepare risk reports, trend analysis and exception reporting for senior stakeholders and governance committees.
Identify emerging or recurring governance, operational, cyber, third-party and compliance risks and support appropriate escalation.
Audit, Assurance and Certification
Coordinate internal audit planning and delivery across relevant management system standards, including audit schedules, evidence requests, stakeholder coordination and report drafting.
Support external audits and certification activities by managing evidence requests, audit logistics, finding trackers and remediation updates.
Review audit findings, corrective actions and opportunities for improvement to ensure clear ownership, suitable remediation plans and timely closure evidence.
Support customer assurance, tender responses and due diligence questionnaires by preparing accurate responses using controlled GRC evidence sources.
Help maintain audit readiness across the organisation by identifying evidence gaps and coordinating remediation with process owners.
Compliance and Regulatory Support
Monitor relevant regulatory, contractual and standards-based requirements and support impact assessments for changes affecting the IMS or GRC framework.
Support the maintenance of compliance registers, obligations trackers and evidence of compliance across applicable jurisdictions and standards.
Assist with regulatory and contractual assurance activities, including information gathering, evidence preparation and reporting.
Coordinate with business stakeholders to ensure compliance obligations are understood, assigned and evidenced.
Provide practical guidance to stakeholders on governance, risk and compliance processes, escalating matters requiring formal advice or independent challenge to the Group Head of GRC.
Supplier Governance and Third-Party Risk
Lead routine supplier governance reviews, including risk assessment, evidence review, assurance documentation and supplier review commentary.
Coordinate supplier due diligence activity for new and existing suppliers, ensuring risk indicators, assurance records and follow-up actions are appropriately documented.
Review supplier assurance materials, certifications, privacy documentation and security evidence, escalating higher risk matters for senior review.
Maintain supplier governance trackers, review schedules and reporting metrics.
Support the continual improvement of supplier governance processes, templates and reporting.
Team Support, Reporting and Continuous Improvement
Provide day-to-day guidance, review and quality control for GRC Analyst activities.
Develop practical templates, guidance notes, trackers and reporting outputs to improve consistency and efficiency across the GRC function.
Prepare concise and accurate reports for management, governance forums and senior stakeholders.
Support training and awareness activity across governance, risk, compliance and management system topics.
Promote a culture of accountability, evidence-based compliance, continual improvement and constructive challenge across the organisation.
Requirements:
Skills and Abilities
Excellent professional English written and verbal communication skills, with the ability to produce clear reports and senior stakeholder updates.
Strong judgement and ability to work through complex or ambiguous governance, risk and compliance issues.
Ability to coordinate multiple workstreams, stakeholders and deadlines across regions and business functions.
High attention to detail and ability to identify gaps, inconsistencies or weak evidence in governance records.
Ability to operate autonomously while escalating material risks, blockers and decisions appropriately.
Constructive stakeholder management style, with the ability to challenge, support and influence operational teams.
Ability to guide and review the work of analysts and support consistent delivery across the GRC function.
Strong working knowledge of Microsoft Office, Teams, SharePoint and related collaboration tools.
Knowledge and Experience
Demonstrable experience in governance, risk, compliance, audit, information security, supplier governance or management systems.
Strong knowledge of ISO/IEC 27001 and practical experience supporting an ISMS.
Experience with one or more additional standards or frameworks such as ISO 9001, ISO 14001, ISO/IEC 20000-1, ISO 22301, ISO/IEC 27701, ISO/IEC 42001, NEN 7510, SOC 2 or ISAE 3402.
Experience coordinating internal audits, external audits, evidence requests, corrective actions or certification activities.
Experience supporting enterprise risk management, supplier due diligence, customer assurance or compliance reporting.
Relevant professional qualifications in GRC, audit, risk management, information security, service management, data protection or management systems are desirable.
Benefits / Perks
• ☀️ Time Off: 25 days annual leave + public holidays
• 🎂 Birthday Leave: One extra day off to celebrate
• 💰 Company Pension Scheme
• 📞 Employee Assistance Programme (EAP) for wellbeing support
• 🏃‍♀️ EkcOlympics: Global team activity challenges
• 📚 Unlimited access to Pluralsight for continuous development
• 🌱 Real opportunities to grow, including international progression
Why Ekco
🏅 Company of the year 2026 Tech Excellence Awards
⭐️ Microsoft’s 2023 Rising Star Security Partner of the Year
🚀 First Irish Microsoft MSP to achieve all four Microsoft Security Specializations
🌈 A culture rooted in diversity, equality, inclusion & belonging
🎉 A commitment to internal mobility and career progression
✨ Flexible, family-friendly working at the heart of our culture
🔐 Proud to be your trusted security-first Managed Service Provider chosen by IT leaders to drive operational efficiency, scale smarter and stay ahead of risk.
- Department: Governance, Risk & Compliance
- Locations: Cape Town - South Africa