The median GRC Analyst salary in United Kingdom is £43K in 2026, with a typical range from £43K to £46K. Year-on-year movement is still building as more matched salary data is published. Midlands currently leads city pay at £60K.
What does A GRC Analyst do?
A GRC Analyst is responsible for assessing, monitoring, and reporting on information security risks and regulatory compliance across ISO 27001, GDPR, DORA, SOC 2, and NIST frameworks, supporting the CISO and senior management.
Day-to-day responsibilities
- Conducting information security risk assessments and maintaining the risk register
- Performing control assessments and compliance gap analyses against ISO 27001
- GDPR
- DORA
- SOC 2
- Supporting internal and external audits
Very High demand+20% ISO 27001+18% GDPR Compliance+22% DORA (Digital Operational Resilience Act)