Job summary
Are you passionate about improving how we manage governance, risk, and compliance in digital services? We're looking for a proactive and detail-focused Governance, Risk and Compliance Analyst to join our Digital, Data and Technology (DDaT) directorate at NHSBSA.
In this role, you'll help shape and maintain governance, risk and compliance frameworks across DDaT, working closely with senior colleagues to assess risks, monitor compliance and support improvement. You'll be comfortable interpreting complex regulations, promoting best practice, and building strong relationships across teams.
We're looking for someone with strong communication and analytical skills who's confident working independently and as part of a team. You'll bring proven experience in Governance, Risk, Compliance, Assurance, or Audit -- ideally gained within the NHS or wider public sector -- to help us strengthen our frameworks and deliver real impact.
What do we offer?
- 27 days leave (increasing with length of service) plus 8 bank holidays
- Flexible working (we are happy to discuss options such as compressed hours)
- Flexi time
- Hybrid working model (we are currently working largely remotely)
- Career development
- Active wellbeing and inclusion networks
- Excellent pension
- NHS Car lease scheme
- Access to a wide range of benefits and high street discounts!
Main duties of the job
As a Governance, Risk and Compliance (GRC) Analyst, you'll play a vital role in supporting the development, implementation, and continuous improvement of governance, risk, and compliance frameworks across our Digital, Data and Technology (DDaT) directorate. You'll work closely with senior leaders and stakeholders to identify and assess risks, develop and monitor control measures, and ensure alignment with statutory, regulatory, and NHS-specific standards.
You'll help maintain risk registers, coordinate audits, and prepare reports for senior leadership and regulators. You'll also assist in investigating incidents and compliance breaches, ensuring lessons learned are captured and shared. Your input will support the delivery of training and awareness activities that promote a strong compliance culture across the organisation.
With a keen eye for detail and a proactive mindset, you'll analyse risk and compliance data, helping drive informed decisions and service improvements. Whether advising teams on best practice, providing data analysis or helping develop policy and process, you'll be a trusted partner in ensuring our services are well-governed, secure, and high-quality.
About us
Here at the NHS Business Services Authority (NHSBSA), what we do matters. We manage the NHS Pension scheme, process prescription payments and much more. Our services are used by NHS organisations, contractors and the public: we're proud to be part of something meaningful, that touches millions of lives. We design our services around customer needs and place people at the heart of our organisation. That's why when you join us, you'll be empowered and supported to help your career grow. As one of the UK's Best Big Companies to work for, we're connected to our values: Collaborative, Adventurous, Reliable and Energetic. We care about our people, our purpose, and your progress. We strive to offer a fantastic colleague experience, where every colleague is heard, supported and respected. Wellbeing, diversity and inclusion are at the centre of this, and you can join our Lived Experience Networks who help us bring our authentic selves to work. We're committed to being a flexible employer and we try to offer a working pattern that suits you where possible, through hybrid working, flexible hours and more. Alongside a competitive salary with pay progression, we offer a people-centric benefits package, connecting you to the rewards and benefits you value most! Ready to join us in delivering business service excellence to the NHS, helping people live longer, healthier lives? Apply today and see where the NHSBSA can take you. We are people connected to care.
Job description
Job responsibilities
In this role, you are accountable for the following, working within NHSBSA's policies, standing orders, financial regulations and legislative requirements:
1. Governance & Risk Management:
Assist in the development, implementation, and maintenance of the DDaT Directorate's governance, risk, and compliance frameworks.
Support the identification, assessment, and mitigation of strategic and operational risks across the organisation.
Contribute to the preparation and review of risk registers and escalate high-risk issues to senior management.
Assist with the management and development of policies and procedures, ensuring they are regularly reviewed and up to date.
Monitor risk control measures and report on the effectiveness of mitigation actions.
Conduct risk assessments and provide advice to the DDaT directorate regarding the management and reduction of risks.
2. Compliance Monitoring & Reporting:
Support compliance activities by ensuring the DDaT directorate adheres to relevant NHS standards, legislation, and regulatory requirements (e.g., NHS regulatory frameworks, Data Security Protection Toolkit, Payment Card Industry Data Security Standard).
Prepare and present regular reports for senior management on compliance matters and highlight areas of concern.
Assist in coordinating audits and inspections to assess compliance with internal and external standards.
Ensure the DDaT directorate remains compliant with local and national guidance, policies, and standards.
3. Compliance Management:
Ensure that incidents are recorded accurately and that lessons learned are communicated across the DDaT directorate and organisation.
Support the investigation of compliance breaches and contribute to the development of corrective and preventative actions.
4. Training & Awareness:
Assist with the development and delivery of training programs and awareness campaigns for DDaT colleagues on governance, risk management, and compliance matters.
Promote a governance, risk and compliance culture and ensure DDaT colleagues understand their roles and responsibilities in maintaining high standards.
5. Documentation & Reporting:
Maintain up-to-date records of risk assessments, compliance activities, and audits.
Support the preparation of reports for internal and external stakeholders, including regulators, commissioners, and auditors.
Provide accurate and timely analysis of risk and compliance data to assist with decision-making and improvement initiatives.
6. Continuous Improvement:
Contribute to the continuous improvement of governance, risk management, and compliance practices within the DDaT directorate and organisation.
Identify opportunities for process improvements and assist with the implementation of best practice in risk management and compliance activities.
Person Specification
Personal Qualities, Knowledge and Skills
Essential
- Proactive mindset with strong problem-solving and critical thinking skills.
- Ability to work independently and collaboratively within a multidisciplinary team.
- Strong interpersonal skills and confidence to build relationships at all levels.
- Commitment to high ethical standards and confidentiality.
- Strong customer service orientation and commitment to delivering value.
Desirable
- Genuine interest in governance, risk and compliance, with a drive to stay current on best practices and trends.
Experience
Essential
- Strong understanding of NHS-relevant regulatory and legislative frameworks (e.g. Data Protection, Health & Safety, CQC).
- Ability to interpret complex regulations and communicate them clearly to diverse audiences.
- Excellent written and verbal communication skills with the ability to simplify complex information.
- Strong analytical skills, capable of assessing risk and interpreting data to draw meaningful insights.
- Proficiency in risk management and reporting tools/software.
- Effective time management and organisational skills, able to meet deadlines under pressure.
Desirable
- Knowledge of NHS-specific policies, frameworks and NHS Digital requirements.
- Experience in coordinating audits and managing compliance assurance programmes.
Qualifications
Essential
- A relevant degree or equivalent professional qualification in governance, risk, compliance or a related discipline.
- Practical experience in a governance, risk or compliance role, ideally within the NHS or public sector.
Desirable
- Professional certification in a relevant discipline (e.g. IRM, CISA, CRISC, CGRC, CEGIT).
- Postgraduate qualification in a related field.
- ITIL Foundation qualification.
- Experience using GRC tools or software platforms.