This job posting isn't available in all website languages

GRC Cyber Analyst

Digital Technology
Corporate Services
HYD00001N Requisition #

A career at Arup offers you the chance to make a positive difference in the world. Independently owned and independently minded, we attract a diverse mix of people to work on ground-breaking global projects. We have an ambitious commitment to be the digital leader in the built environment and have digital teams and experts all over the world, who collaborate on world-leading software, data and technology projects and products. Being a global team means we value people with diverse experiences, backgrounds, specialisms and skills. 

Our Digital Technology team are proud winners of the IT Team of the Year for 2021 at the Chartered Institute of IT’s UK IT Industry Awards. In January 2022 Arup was awarded ‘Britain’s Most Admired Company’ by the publication, Management Today.

The role 

We are looking for a governance, risk and compliance (GRC) cyber analyst for our growing global cyber security team. You will help protect Arup’s digital infrastructure and data from cyber-attack. You will help to assess Arup’s information and cyber risks, define Arup’s security policies, standards and guidelines, run a cyber education and awareness programme, manage supply chain cyber risk, manage data loss prevention and ensure that Arup is compliant with relevant cyber legislation and standards. 

The GRC team is distributed globally. The cyber security analyst role reports to the GRC service leader based in UK. 

“Being a graduate and starting in a new team can be intimidating, but from my very first day with the Cyber Security team I felt welcome. Across varying skill levels, ranging from juniors to top industry professionals, the team goes above and beyond to support each other, find solutions, and build companywide awareness of the importance of cyber security. Your perspective is always considered and appreciated, which really makes you feel like you’re making a difference to Arup and to our people's security. This has been a motivating and empowering experience for me throughout these uncertain times."

Yana, UK

You should apply if:

  • You are interested in cyber security, and have a solid foundation in technology
  • You have an analytical mind and enjoy solving problems
  • You enjoy learning new skills and sharing your knowledge with others

Responsibilities of the role include:

  • Representing cyber in Europe region for any cyber related requests and issues
  • Ensure compliance with Arup’s information security control framework
  • Coordinating cyber security awareness campaigns in Europe region
  • Liaising with stakeholders in the Europe region for new developments in Digital and drive security by design
  • Conducting threat and risk assessments and drive risk closure
  • Keeping Arup’s cloud and other information environments secure and compliant
  • Conducting supply chain cyber due diligence
  • Working with the software development community to ensure digital products and services are secure by design
  • Helping to deliver Arup’s data loss prevention program
  • Auditing internal infrastructure and applications against defined security framework
  • Driving IT disaster compliance activities
  • Driving security control assessments and thriving for raising the compliance level in Europe region
  • Measuring the cyber processes, controls and reporting on the effectiveness of cyber management plan

Please don’t be discouraged if you don’t meet every point below – if you meet most, and are strongly motivated by the role, and willing to learn, we are still interested in hearing from you.

Essential skills and knowledge:

  • Has a good understanding of ISO27001
  • Analytical and problem-solving skills to identify and assess risks and threats
  • Some industry GRC or information risk management experience desirable
  • Ability to understand the business context and technology landscape, and apply appropriate security solutions in response to differential risks and needs
  • Understanding of data loss prevention techniques
  • Strong communication skills and the ability to accommodate different points of view of various stakeholders to find a common solution, particularly at times of pressure or threat
  • Excellent emotional intelligence to foster openness and transparency within the team
  • Experience in information risk management

Desirable skills and knowledge:

  • Knowledge of compliance and audit
  • Experience on industry standards like NIST, CIS and ISO22301

Personal Qualities

  • A passion for diversity, recognizing the innovation and competitive edge that comes from a diverse highly skilled team where equal opportunities are truly valued
  • The ability to empower others to succeed, giving staff the confidence and support to thrive, develop and excel at what they do
  • Open-minded collaborative approach to problem solving, improvement and leadership with an empathy for the needs of clients and customers
  • Ability to influence others to consider your point of view and gain support and agreement for plans, changes and new approaches
  • Ability to establish and agree direction when there is lack of clarity from stakeholders
  • Self-starter, pragmatic, flexible and comfortable with ambiguity, able to align business and Digital Technology Group vision to deliver clarity


  • University degree level qualification or equivalent industry experience is desirable

Bear in mind that successful candidates must pass a disclosure and barring security check

We offer:

  • Work on the highest-profile global projects
  • Stable employment on the basis of full-time job contract
  • Supportive and friendly work atmosphere, great team
  • Relevant trainings and development opportunities (also abroad)
  • Attractive benefits package (medical care, multisport card, language courses, profit shares scheme)
  • This role can be based out of our Krakow or Warsaw office. Our Warsaw office is conveniently located in the Gdański Business Center Different people, shared values.

At Arup, we believe when talented people collaborate, great things are possible. Arup hires people with proven skills and open minds. We are taking deliberate action to create an inclusive culture that is grounded in our purpose to shape a better world.

At Arup, we welcome candidates from all backgrounds, regardless of age, disability, gender, gender identity, gender expression, race, religion or belief, sexual orientation, socioeconomic background, and any other protected characteristic. Our internal employee networks - BAME, Culture, Disability, LGBTQ+ and Women - provide a space for you to express your views and to make a positive difference - discover more about life at Arup here.

At Arup, we are committed to making all stages of our recruitment process accessible to candidates with disabilities. Please speak to our recruitment team and we will work with you to make reasonable adjustments to ensure you can perform at your best throughout your application.

At Arup, we appreciate that everyone’s circumstances are different and having the freedom to flex the way we work is essential to our wellbeing. If flexibility matters to you let us know when you apply, and we will discuss how this could work in your role.


Stay safe online - Arup will never ask for payment or your bank details as part of our recruitment process.


Previous Job Searches

My Profile

Create and manage profiles for future opportunities.

Go to Profile

My Submissions

Track your opportunities.

My Submissions

Similar Listings

Corporate Services

Hyderabad, -, India

📁 Digital Technology

Requisition #: HYD00001F

Corporate Services

Hyderabad, -, India

📁 Digital Technology

Requisition #: HYD000012

Corporate Services

Krakow, -, Poland

📁 Digital Technology

Requisition #: WAR00001F