GRC Specialist

Wood Mackenzie is the global data and analytics business for the renewables, energy, and natural resources industries. Enhanced by technology. Enriched by human intelligence. In an ever-changing world, companies and governments need reliable and actionable insight to lead the transition to a sustainable future. That's why we cover the entire supply chain with unparalleled breadth and depth, backed by over 50 years' experience. Our team of over 2,400 experts, operating across 30 global locations, are enabling customers' decisions through real-time analytics, consultancy, events and thought leadership. Together, we deliver the insight they need to separate risk from opportunity and make confident decisions when it matters most.

Wood Mackenzie Brand Video
Wood Mackenzie Values

• Inclusive – we succeed together
• Trusting – we choose to trust each other
• Customer committed – we put customers at the heart of our decisions
• Future Focused – we accelerate change
• Curious – we turn knowledge into action

Job Description
The role of the GRC Specialist is responsible for the day-to-day execution of governance, risk, and compliance (GRC) activities. This includes preparing for SOC and other audits, collecting and organizing evidence, responding to client/vendor security questionnaires, and maintaining the accuracy of the cyber risk register.

The role works closely with IT, Security Engineering, and business stakeholders to ensure audit requests and client inquiries are addressed promptly and consistently. The Specialist ensures that risks, exceptions, and remediation actions are logged and tracked to completion, providing a strong operational foundation for the Risk & Compliance program.

Key Responsibilities
Audit & Assurance Support:

• Collect and organize evidence for SOC2 and other internal audits.
• Track remediation items from audits, ensuring timely closure with responsible teams.
• Maintain a repository of reusable audit evidence to streamline future cycles.
• Support the Risk & Compliance Lead in responding to auditor and assessor queries.
• Client & Vendor Security Questionnaires.
• Coordinate responses to customer and third-party security questionnaires.
• Collaborate with technical owners (Engineering, IT, Product) to provide accurate answers.
• Maintain a knowledge base of pre-approved responses to accelerate RFPs and renewals.
• Ensure responses are consistent with SOC2 reports and company policy.

Risk Register & Exception Management

• Update and maintain the cyber risk register in coordination with the Risk & Compliance Lead.
• Record new risks, assign owners, and track remediation/progress.
• Document Policy Exception Risk Acceptance (PERA) approvals and expirations.
• Ensure risk data is kept current for reporting cycles.

Reporting & Metrics

• Contribute data for quarterly risk and compliance dashboards.
• Provide metrics on questionnaire volumes, audit findings, and remediation timelines.
• Highlight overdue risks, audit items, or exceptions to the Risk & Compliance Lead.

Experience & Skills

• Experience in IT audit, compliance, or GRC operations.
• Familiarity with audit frameworks (SOC2, ISO 27001, GDPR).
• Strong organizational skills for evidence collection and tracking.
• Ability to manage multiple concurrent requests and deadlines.
• Clear written communication for client questionnaires and reports.
• Experience in SaaS, data analytics, or regulated industries.
• Exposure to vendor/supplier risk assessments.
• Experience using GRC platforms (ServiceNow GRC, Archer, or equivalent).

Equal Opportunities
We are an equal opportunities employer. This means we are committed to recruiting the best people regardless of their race, colour, religion, age, sex, national origin, disability or protected veteran status. You can find out more about your rights under the law at

If you are applying for a role and have a physical or mental disability, we will support you with your application or through the hiring process.