Job Title: GRC Analyst
Location: Remote (London area)
Employment Type: Full-time, Permanent Role
About Rhymetec:
Rhymetec was founded in New York City in 2015, growing steadily in the areas of compliance, cybersecurity and data privacy. Our mission is to ensure our clients are compliant faster, so they can focus on their core business and less on the complexities of building effective and compliant infosec programs.
Job Description:
We are seeking a GRC Analyst to join our growing team in the UK! The CSA will be responsible for supporting the development and implementation of solutions that help Rhymetec's clients achieve, manage and measure security metrics and compliance requirements. The role will work closely with their Security Program Manager to help design and deliver security and compliance objectives and have the ability to help drive foundational changes in internal cloud platforms to enhance their security posture. The ideal candidate will have a team first mentality and fit within the core values and culture at Rhymetec. This person will be responsive to both customers and team members with communications, be detail oriented, and hold a high level of autonomy to complete work on time and with quality.
Responsibilities:
- Prepare agendas and supporting materials for client business.
- Conduct meetings with clients regularly.
- Configure performance monitoring alarms in AWS, Azure, GCP, Datadog and other cloud infrastructures.
- Configure Security alarms and Intrusion Detection Systems in AWS, GCP, Azure.
- Set up supporting security applications.
- Set up mobile device management applications such as Jamf, Jumpcloud, Microsoft Endpoint manager, Hexnode, etc.
- Configure and maintain compliance monitoring platforms.
- Conduct internal audits, risk assessments, and generate reports.
- Conduct Incident Response Tabletop exercises with clients.
- Conduct Business Continuity and Disaster recovery tabletop exercises with clients.
- Support clients in mapping frameworks/controls such as SOC 2 Type 2, ISO 27001, GDPR, and DORA into actionable items for clients.
- Conduct employee access reviews, SaaS vendor security assessments, and Gap assessments.
- Triage bug/vulnerability reports from security researchers.
- Complete security questionnaires on behalf of clients.
- Draft supporting documents for clients’ information security management systems and information security policies.
- Gather & maintain evidence of compliance for various frameworks.
- Lead engagements with auditors on behalf of clients.
- Communicate tasks to clients’ employees and educate clients on security best practices.
Qualifications:
- Knowledge of compliance and regulatory frameworks (PCI, ISO/IEC, SOC 2, DORA, GDPR)
- Strong logical security skills, with experience in cloud security
- Understanding of cloud environments (AWS, GCP, Azure) and integrating security controls through DevOps and Infrastructure as a Service (IaaS) techniques
- Experience in customer service and ability to develop professional relationships with customers
Must Haves:
- Bachelor's degree or equivalent experience related to the technology or cyber security field
- Bilingual in German and/ or French
- 4+ years of work experience in technology or cybersecurity.
- Ability to flex and adapt to innovative and changing work demands.
- Travel up to 2 weeks out of the calendar year.
Rhymetec Benefits
- Comprehensive, company-funded private medical insurance for employees
- Dental and Vision benefits
- Generous annual leave package, plus sick time and 8 Paid Holidays
- Workplace pension
- Wellbeing Support: An annual subscription to TalkSpace, our online counselling and therapy service
Rhymetec is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetic background, disability, age, or veteran status.
Skills Required
- Bachelor's degree or equivalent experience in technology or cybersecurity
- Bilingual in German and/or French
- 4+ years of work experience in technology or cybersecurity
- Knowledge of compliance and regulatory frameworks (PCI, ISO 27001, SOC 2, DORA, GDPR)
- Strong cloud security skills and understanding of AWS, GCP, Azure
- Experience integrating security controls through DevOps and IaaS techniques
- Experience configuring monitoring and IDS in cloud platforms and tools like Datadog
- Experience with mobile device management tools (Jamf, JumpCloud, Microsoft Endpoint Manager, Hexnode)
- Experience in customer service and developing professional client relationships
- Ability to adapt to changing work demands and work autonomously
- Willingness to travel up to two weeks per year
Rhymetec Compensation & Benefits Highlights
-
Healthcare Strength — Comprehensive medical, vision, and company-paid life coverage is paired with dedicated mental-health support such as Talkspace access.
-
Leave & Time Off Breadth — Generous PTO, sick time, paid holidays, parental leave, and Summer Fridays signal a strong emphasis on work-life balance.
-
Flexible Benefits — A fully remote U.S. model with schedule flexibility and a home-office stipend provides meaningful location and workstyle flexibility.
Rhymetec Insights
What We Do
At Rhymetec, our security experts have built and continue to manage over 250 SaaS-based companies' infosec and data privacy programs. We act as an extension of your team and leverage cutting-edge technologies to get customers compliant with frameworks like SOC 2, ISO 27001, HIPAA, GDPR/CCPA, and more in a much shorter timeframe. While most companies offer services for cybersecurity and data privacy OR consulting—Rhymetec offers both. We consult on developing a more effective infosec program within your unique environment and provide the services needed to achieve, improve and maintain a strong security posture. Our mission is to reduce the complexities of cloud security, making forward-thinking cybersecurity services more accessible to SaaS-based startups. We're here to help you fast-forward your cybersecurity, compliance and data privacy programs. To learn more, check out our managed vCISO (Virtual CISO), ISO Internal Audit, Penetration Testing, PCI Scanning and Phishing Testing & Training Services: Rhymetec.com
Why Work With Us
Rhymetec is a fully remote cybersecurity MSSP helping SaaS companies stay secure and compliant. We’re people-first: high ownership, flexible work, supportive teammates, and continuous learning. Your ideas ship, your impact is visible, and your growth is backed with mentorship, certifications, and client outcomes. Join us to shape modern security!
Gallery
Rhymetec Offices
Remote Workspace
Employees work remotely.