Governance Risk and Compliance Analyst
About Ekco
🚀 Founded in 2016, Ekco has quickly become one of Europe’s fastest-growing cloud solution providers and your trusted security-first Managed Service Provider.
IT leaders choose Ekco to drive operational efficiency, scale smarter and stay ahead of risk – powered by local expertise, delivered at European scale.
We specialise in helping organisations advance their cloud maturity: guiding transformation, strengthening security, and maximising the value of their technology investments.
☁️ In simple terms: we help organisations modernise with confidence by securing their systems, optimising their cloud, and keeping them resilient in a rapidly changing world.
🌍 Today, we’re a thriving team of 1,000+ talented and supportive colleagues across the UK, Ireland, Benelux, South Africa, and Malaysia—and we’re continuing to grow.
At Ekco, how we work matters as much as what we deliver. Our people live by four core values that shape everything we do:
On It: We take ownership, follow through, and get things done.
All In: We collaborate, support each other, and commit fully to shared goals.
Connected: We build trusted relationships with colleagues, clients, and partners.
Hungry to Grow: We stay curious, keep learning, and push ourselves to the next level.
🏠 If these values resonate with you, you’ll feel right at home here.
The Role
This role is part of the Group Governance, Risk & Compliance function and supports the Group Head of Governance, Risk & Compliance and Group Data Protection Officer by helping to operate, evidence, monitor and improve the Group Integrated Management System and associated governance, risk, compliance and assurance activities.
As Governance, Risk & Compliance Analyst, you will provide hands-on support across the Group GRC function, helping to maintain governance records, coordinate assurance activity, support internal and external audits, assist with risk and supplier assessments, and maintain evidence that demonstrates compliance with Ekco's management system and customer assurance obligations.
The role is suited to someone with a developing understanding of governance, risk, compliance, information security or management system standards, who is able to work accurately, follow structured processes and support stakeholders across different regions and business functions. Experience with ISO/IEC 27001 is strongly desirable, with exposure to ISO 9001, ISO 14001, ISO/IEC 20000-1, ISO 22301, ISO/IEC 27701, ISO/IEC 42001 or related assurance frameworks being beneficial.
Responsibilities:
Integrated Management System Support
Maintain IMS records, registers, action trackers and evidence repositories in line with GRC processes.
Support the preparation of IMS Audit & Risk Committee materials, including action updates, meeting packs, evidence requests and follow-up tracking.
Assist with the IMS management review process by coordinating inputs, collating evidence and maintaining supporting records.
Support continual improvement activity by tracking improvement actions, maintaining status updates and helping stakeholders provide clear progress evidence.
Assist with policy and process administration, including version control, review scheduling, publication support and stakeholder feedback tracking.
Risk Management Support
Assist with risk assessments across governance, compliance, information security, service management, business continuity, environmental and quality areas.
Maintain risk register updates, review reminders, action tracking and supporting evidence under the direction of the Senior GRC Analyst or Group Head of GRC.
Support business stakeholders in documenting risks, controls, treatment actions and review updates clearly and consistently.
Prepare routine risk reports, dashboards and summaries for review by the GRC team.
Help identify incomplete, overdue or unclear risk records and escalate these for follow-up.
Audit, Assurance and Certification Support
Support internal audit planning, scheduling, evidence gathering, note taking and audit report preparation.
Assist with external audit and certification activities by coordinating evidence requests and maintaining audit trackers.
Track audit findings, opportunities for improvement, corrective actions and remediation evidence.
Support customer assurance requests, tender responses and due diligence questionnaires by gathering approved information and evidence from controlled sources.
Maintain accurate records of assurance responses, evidence used and follow-up actions.
Supplier Governance and Compliance Support
Assist with supplier due diligence assessments, annual supplier reviews and supplier risk records.
Collect and review supplier assurance documents, including certifications, security summaries, privacy documentation and contractual evidence.
Maintain supplier governance records and escalate incomplete, inconsistent or higher risk submissions for review.
Support the preparation of supplier review summaries and risk commentary for approval by senior GRC colleagues.
Assist in monitoring changes in supplier assurance status, documentation expiry dates and recurring review requirements.
Reporting, Training and Awareness
Prepare draft reports, summaries and metrics for GRC activities, including risk, audit, assurance, supplier governance and IMS performance.
Support the development and maintenance of training and awareness materials for governance, risk and compliance topics.
Help promote a culture of risk awareness, accountability and compliance across the organisation.
Maintain clear, accurate and auditable working records in Microsoft 365, Teams and SharePoint.
Work collaboratively with stakeholders across regions and functions to obtain information, clarify actions and support timely completion of GRC activities.
Requirements:
Skills and Abilities
Professional English written and verbal communication skills.
Strong attention to detail and the ability to maintain accurate records.
Ability to follow structured processes and work through tasks to completion.
Good organisational skills and ability to manage multiple activities and deadlines.
Ability to work independently while knowing when to escalate questions, risks or blockers.
Collaborative approach and ability to work with stakeholders across different teams and regions.
Good working knowledge of Microsoft Office, Teams, SharePoint and related collaboration tools.
Willingness to learn quickly and develop technical knowledge in governance, risk and compliance.
Knowledge and Experience
Experience in governance, risk, compliance, audit, information security, service management, supplier governance or a related control environment.
Awareness of ISO/IEC 27001 or information security management system requirements.
Exposure to ISO 9001, ISO 14001, ISO/IEC 20000-1, ISO 22301, NEN 7510, SOC 2, ISAE 3402 or similar frameworks is beneficial.
Experience supporting audits, evidence gathering, risk assessments, supplier reviews or customer assurance activities is desirable.
A relevant qualification or willingness to work towards one in GRC, audit, information security, data protection or management systems would be beneficial.
Benefits / Perks
• 🎂 Birthday Leave: One extra day off to celebrate
• 💰 Company Pension Scheme
• 🏃‍♀️ EkcOlympics: Global team activity challenges
• 📚 Unlimited access to Pluralsight for continuous development
• 🌱 Real opportunities to grow, including international progression
Why Ekco
🏅 Company of the year 2026 Tech Excellence Awards
⭐️ Microsoft’s 2023 Rising Star Security Partner of the Year
🚀 First Irish Microsoft MSP to achieve all four Microsoft Security Specializations
🌈 A culture rooted in diversity, equality, inclusion & belonging
🎉 A commitment to internal mobility and career progression
✨ Flexible, family-friendly working at the heart of our culture
🔐 Proud to be your trusted security-first Managed Service Provider chosen by IT leaders to drive operational efficiency, scale smarter and stay ahead of risk.
- Department: Governance, Risk & Compliance
- Locations: Cape Town - South Africa, Kuala Lumpur - Malaysia