Wood Mackenzie

www.woodmac.com

1 Job

2,526 Employees

About the Company

In the middle of the energy transition, businesses and governments are faced with significant challenges. But the pace and scale of change mean every decision is made under mounting pressure. Now, more than ever, companies need reliable data, analytics and actionable insight.

Wood Mackenzie is the leading global provider of data and analytics solutions for the renewables, energy and natural resources sectors. Wood Mackenzie's services include data, analytics, insight, events and consultancy. A trusted partner for over 50 years, Wood Mackenzie's team has over 2,300 experts across more than 30 global locations who cover the entire supply chain. Wood Mackenzie's data and analytics empowers energy producers, governments and financial institutions to be confident in their investment decisions in the face of rapidly evolving markets. Part of the Veritas group.

Listed Jobs

Company Name
Wood Mackenzie
Job Title
GRC Specialist
Job Description
**Job Title**

GRC Specialist

**Role Summary**

Executes day‑to‑day governance, risk, and compliance activities, supporting SOC‑2 and other audits, managing the cyber risk register, and coordinating client/vendor security questionnaire responses.

**Expectations**

- Deliver audit evidence and remediation tracking on schedule.
- Maintain accurate, up‑to‑date risk records and compliance reporting.
- Timely, accurate communication with auditors, clients, and internal stakeholders.

**Key Responsibilities**

- Collect and organize audit evidence for SOC‑2 and other frameworks.
- Track and close audit remediation items, maintaining a reusable evidence repository.
- Respond to auditor and assessor queries; support Risk & Compliance Lead.
- Coordinate responses to customer and third‑party security questionnaires; maintain a knowledge base of pre‑approved answers.
- Update and maintain the cyber risk register; record new risks, assign owners, and track remediation.
- Document Policy Exception Risk Acceptance (PERA) approvals and expirations.
- Provide metrics and data for quarterly risk & compliance dashboards; highlight overdue items.

**Required Skills**

- Experience in IT audit, compliance, or GRC operations.
- Knowledge of audit frameworks (SOC‑2, ISO 27001, GDPR).
- Strong organizational and evidence‑collection capabilities.
- Ability to manage multiple concurrent requests and deadlines.
- Clear written communication for questionnaires and reports.
- Familiarity with vendor/supplier risk assessments.
- Experience with GRC platforms (ServiceNow GRC, Archer, or equivalent).

**Required Education & Certifications**

- Bachelor’s degree in Information Security, Business, or related field.
- Relevant certifications preferred (e.g., CISA, CRISC, ISO 27001 Lead Auditor).
Edinburgh, United Kingdom
Hybrid
25-11-2025