Grc analyst, iso 27001 and information security compliance

Gujarat · Hybrid · Full-time

Script Assist is building the operating system for next-generation private healthcare in the UK.

We already support tens of thousands of medical cannabis prescriptions every month through a live healthcare Saa S platform used by clinics, doctors, pharmacies and operational teams.

The platform supports prescribing, dispensing, pharmacy workflows, patient operations, records, payments, audit trails and regulated healthcare processes.

This is not generic back-office software. It is live healthcare infrastructure operating in a regulated environment where information security, data protection, evidence, controls and operational discipline genuinely matter.

As Script Assist grows, we are strengthening our foundations across:
ISO 27001
ISMS documentation
information security compliance
GRC
audit evidence
policies and SOPs
risk registers
control tracking
GDPR and data protection documentation
Cyber Essentials support
regulated healthcare operations

We are looking for a sharp, organised and detail-driven GRC Analyst to help keep this compliance machine moving.

The role
This is a hands-on GRC / ISO 27001 / information security compliance role.
You will help maintain the documentation, trackers, evidence, follow-ups and control records that support our compliance framework.
This is a strong opportunity for someone who has worked in:
GRC
compliance
information security compliance
ISO 27001 support
ISMS documentation
audit support
internal audit
risk and compliance
policy and SOP management
regulated operations
You do not need to have independently led ISO 27001 certification.
You do not need to be a GDPR lawyer or privacy specialist.
You do need to be organised, careful, reliable and comfortable keeping compliance evidence and documentation under control.

What you'll do
You will support:
ISO 27001 readiness and ISMS maintenance
compliance trackers and control follow-ups
audit evidence collection
policy and SOP management
risk registers and risk treatment tracking
internal compliance reporting
evidence repositories
control owner follow-ups
Cyber Essentials or security compliance support where needed
GDPR and data protection documentation
DPIAs, Ro PA, DSAR logs, incident logs or processor records where required
internal compliance packs for leadership and technical teams
You will work with internal teams across technology, operations, product and leadership to make sure compliance actions are tracked, evidenced and followed through properly.
This is a practical operating role. You will be helping to make sure that nothing gets missed, forgotten, undocumented or left unmanaged.

What we're looking for
We are looking for someone with:
2+ years' experience in GRC, compliance, audit, ISO 27001 support, information security compliance, risk, governance or regulated operations
exposure to ISO 27001, ISMS, audit readiness, control tracking or evidence collection
experience working with policies, SOPs, risk registers, audit evidence, compliance trackers or control documentation
strong documentation skills
strong attention to detail
good written English
a structured and dependable working style
confidence chasing internal teams for updates and evidence
interest in healthcare Saa S, information security, ISO 27001, GRC and data protection
ability to work in a Gujarat-based hybrid role

Helpful experience
Helpful experience includes:
ISO 27001 evidence collection
ISMS documentation
internal audit support
external audit preparation
risk registers
policy review
SOP management
control testing
control tracking
audit evidence repositories
compliance dashboards or trackers
information security compliance
Cyber Essentials support
GDPR / UK GDPR documentation
DPIAs
Ro PA
DSAR logs
incident logs
breach logs
vendor or processor records
Saa S, healthcare, fintech or regulated business experience
You do not need to have all of these. The most important thing is that you are organised, careful, clear and comfortable managing compliance evidence and follow-ups.

This role is likely a good fit if you have worked as a
GRC Analyst
Compliance Analyst
Compliance Executive
Information Security Compliance Analyst
ISO 27001 Analyst
ISMS Coordinator
Risk and Compliance Analyst
Governance Analyst
Audit Associate
Internal Audit Executive
Security Compliance Executive
Quality or Compliance Executive in a regulated business

This role is probably not a fit if you want
a senior Compliance Manager role
a legal counsel role
a DPO role
a pure HR compliance role
a pure finance compliance role
a purely technical cybersecurity role
a role with no documentation, trackers or evidence management
a role where you are not expected to chase people and keep details organised

Why join Script Assist?
This is a chance to build serious GRC experience inside a fast-growing healthcare technology company.
You will get exposure to:
healthcare Saa S
medical cannabis operations
ISO 27001
information security compliance
GDPR and data protection
regulated healthcare workflows
audit readiness
operational controls
real compliance foundations inside a scaling business

If you are early in your compliance career and want a role where your organisation, documentation and follow-through genuinely matter, this is a strong opportunity.