Bromcom Computers

We are seeking a Technical GRC Analyst to support the day-to-day operation of our governance, risk, compliance, and security assurance processes within a growing EdTech SaaS environment. This role will focus on administering established policies and workflows, coordinating compliance and security activities, handling requests from across the business, and performing risk assessments particularly where personal data, information security, and GDPR considerations are involved. You will play a key role in ensuring that our systems, processes, security tooling, and third-party relationships meet our security, compliance, and data protection standards. Working closely with the IT & Information Security Manager and wider IT team, you will help maintain audit readiness, support operational security assurance activities, and coordinate remediation and evidence management across the organisation. The role offers exposure across governance, operational security assurance, compliance, and risk management within a growing SaaS environment. Key Responsibilities Administer and operate IT risk, compliance, and security assurance processes aligned to internal policies and regulatory requirements (including GDPR) Act as a central point of contact for compliance-related requests (e.g. Subject Access Requests (SARs), data sharing requests, access requests, exceptions, and supplier onboarding) Perform risk assessments using defined criteria, with a focus on data protection and information security risks Review requests against defined policies and controls, escalating where appropriate in line with internal governance processes Support third-party / supplier risk assessments, including reviewing security and data protection documentation and tracking follow-up actions Support periodic reviews of high-risk and business-critical suppliers, applications, and technology platforms to ensure appropriate security, compliance, and data protection controls remain in place Support the implementation and ongoing operation of compliance and assurance tooling (Vanta), including evidence collection, test management, stakeholder coordination, remediation tracking, and control adoption activities. Ensure appropriate documentation, audit trails, and evidence are maintained for assessments, compliance activities, and operational processes Support internal and external audits (e.g. ISO 27001), including evidence gathering, action tracking, and coordination of remediation activities Monitor compliance with policies and highlight potential risks, gaps, or control weaknesses for review Support coordination and operational delivery of security improvement initiatives across IT and business teams. Support incident management processes through documentation, tracking, and coordination of follow-up actions Coordinate security awareness activities, including phishing simulation campaigns and training tracking Assist with reviews of security tooling configurations and collection of supporting control evidence Work closely with engineering, product, and business teams to ensure compliance and security processes are understood and followed Contribute ideas and feedback to improve workflows and operational processes, particularly where they impact scalability, operational efficiency, or customer trust Skills & Experience Essential: Experience in IT risk, compliance, or GRC roles within a SaaS or technology environment Understanding of GDPR and handling of personal data (especially sensitive or child/student data) Experience performing risk assessments using structured frameworks and defined processes Ability to interpret policies and apply them to operational and real-world scenarios Strong organisational, coordination, and documentation skills (audit trails, evidence, decision logs) Experience working with cross-functional teams (e.g. engineering, product, operations) Experience supporting operational security assurance activities, such as evidence collection, control validation, remediation tracking, or audit preparation Desirable: Familiarity with ISO 27001, Cyber Essentials, or similar frameworks Experience supporting audits, evidence collection, or remediation tracking activities Experience with vendor / third-party risk management Exposure to data protection processes (e.g. SARs, DPIAs, data sharing assessments) Exposure to data classification, data governance, or data loss prevention (DLP) processes Experience with GRC, compliance, or assurance platforms (e.g. Vanta, Drata) and ticketing/workflow management tools Exposure to Microsoft 365 security and compliance tooling (e.g. Entra ID, Intune, Secure Score, Defender) Basic understanding of cloud/SaaS architecture and common security controls Key Behaviours: Pragmatic approach to risk, with the ability to balance compliance requirements with business needs Comfortable assessing requests against defined policies and escalating concerns where appropriate Confident communicating risks, issues, and follow-up actions to stakeholders Detail-oriented, with a strong focus on documentation, evidence quality, and traceability Organised and proactive, with the ability to manage multiple tasks and follow through on actions Able to operate independently within established processes and governance frameworks Collaborative approach to working with technical and non-technical teams Bromcom is an equal opportunities employer.

PLEASE NOTE: This role is based in our office 5 days a weeks. Please only apply if you are able to travel to and work from Bromley. This role is ideal for someone looking to move from practice into industry. As Head of Finance, you will play a pivotal role on the executive leadership team, driving the financial model, strategy and performance of a fast-growing EdTech business. You will provide clear strategic insight, robust financial governance, and commercial leadership to support sustainable growth and value creation. By delivering accurate and timely management accounts and maintaining a robust financial model, you will enable informed, data-driven decision-making across the business. As the company scales, you will ensure disciplined financial management and provide the strategic direction needed to strengthen its market position and achieve ambitious growth objectives. The Role Report to the Executive team to support strategic planning and decision-making. Build a strong and highly motivated finance team to meet the demands of a fast-growing tech business. Ensure that the internal systems, policies and procedures are sufficient and robust enough to maintain and where possible improve the overall efficiency and effectiveness of the finance function. Manage the migration to the new accounting system Sage Intacct and review the SaaS income recognition process within the new system to manage this function seamlessly across all departments. Lead the production of accurate and timely monthly management accounts including fully reconciled management account schedules in a timely manner. Maintain and update the company financial model, set budgets, review assumptions, and produce departmental analysis and variance analysis against budget and updated forecast. Develop extensive KPI reporting to ensure commercial awareness and financial stewardship across all departments. Ensure the company meets its tax compliance and statutory reporting obligations. Making sure all HMRC payments & returns are submitted on time. Assist in the audit process ensuring the audit file is complete with fully reconciled management account schedules, extended trial balance and Profit & Loss and Balance Sheet, ready in advance of the commencement of the audit. Ensure the Sales Day Book is updated and maintained accurately & timely by the Finance team. Conduct regular meetings with the Sales Team to reconcile reported sales orders with Accounts records, ensuring accuracy and alignment. Support the sales and tenders teams to ensure control over pricing decisions and remain competitive whilst maximising sales revenue and protecting margins. Skills and qualifications Qualified ACA or ACCA with at least 5 years post qualified experience. Experience of working in a fast-growing tech company preferably. Experience in moving accounting systems successfully. Experience of investor relations and third-party reporting requirements perhaps through private equity investment or through an IPO process. Have a broad range of knowledge across all areas of a business including software development, R&D and SaaS. Demonstrate a strong level of financial knowledge and commercial awareness. Able to work under pressure, prioritise work effectively, manage and motivate a team through strong leadership and willing to be hands on in order to get the desired results. Expert level of Excel and knowledge of Sage Intacct, Sage 50and Dynamics 365 would be preferable but not essential. Bromcom is an equal opportunities employer