Job summary
- Main area: Governance, Risk and Compliance
- Grade: NHS AfC: Band 6
- Contract: Permanent
- Hours: Full time, Flexible working
- Job ref: 914-BSA7414847
- Employer: NHS Business Services Authority
- Employer type: NHS
- Site: Stella House
- Town: Newcastle upon Tyne
- Salary: £38,682 - £46,580 per annum
- Salary period: Yearly
- Closing: 04/09/2025 23:59
Governance, risk and compliance analyst
NHS AfC: Band 6
Job overview
Are you passionate about improving how we manage governance, risk, and compliance in digital services? We’re looking for a proactive and detail-focused Governance, Risk and Compliance Analyst to join our Digital, Data and Technology (DDaT) directorate at NHSBSA.
In this role, you'll help shape and maintain governance, risk and compliance frameworks across DDaT, working closely with senior colleagues to assess risks, monitor compliance and support improvement. You'll be comfortable interpreting complex regulations, promoting best practice, and building strong relationships across teams.
We're looking for someone with strong communication and analytical skills who’s confident working independently and as part of a team. You’ll bring proven experience in Governance, Risk, Compliance, Assurance, or Audit — ideally gained within the NHS or wider public sector — to help us strengthen our frameworks and deliver real impact.
Main duties of the job
As a Governance, Risk and Compliance (GRC) Analyst, you’ll play a vital role in supporting the development, implementation, and continuous improvement of governance, risk, and compliance frameworks across our Digital, Data and Technology (DDaT) directorate. You’ll work closely with senior leaders and stakeholders to identify and assess risks, develop and monitor control measures, and ensure alignment with statutory, regulatory, and NHS-specific standards.
You’ll help maintain risk registers, coordinate audits, and prepare reports for senior leadership and regulators. You’ll also assist in investigating incidents and compliance breaches, ensuring lessons learned are captured and shared. Your input will support the delivery of training and awareness activities that promote a strong compliance culture across the organisation.
With a keen eye for detail and a proactive mindset, you’ll analyse risk and compliance data, helping drive informed decisions and service improvements. Whether advising teams on best practice, providing data analysis or helping develop policy and process, you’ll be a trusted partner in ensuring our services are well-governed, secure, and high-quality.
Working for our organisation
Here at the NHS Business Services Authority (NHSBSA), what we do matters.
We manage the NHS Pension scheme, process prescription payments and much more. Our services are used by NHS organisations, contractors and the public: we’re proud to be part of something meaningful, that touches millions of lives.
We design our services around customer needs and place people at the heart of our organisation. That’s why when you join us, you’ll be empowered and supported to help your career grow.
As one of the UK’s Best Big Companies to work for, we’re connected to our values: Collaborative, Adventurous, Reliable and Energetic. We care about our people, our purpose, and your progress.
We strive to offer a fantastic colleague experience, where every colleague is heard, supported and respected. Wellbeing, diversity and inclusion is at the centre of this, and you can join our Lived Experience Networks who help us bring our authentic selves to work.
We’re committed to being a flexible employer and we try to offer a working pattern that suits you where possible, through hybrid working, flexible hours and more.
Alongside a competitive salary with pay progression, we offer a people-centric benefits package, connecting you to the rewards and benefits you value most!
Ready to join us in delivering business service excellence to the NHS, helping people live longer, healthier lives? Apply today and see where the NHSBSA can take you.
We are people connected to care.
Detailed job description and main responsibilities
In this role, you are accountable for
Working within NHSBSA’s policies, standing orders, financial regulations and legislative requirements:
1. Governance & Risk Management:
• Assist in the development, implementation, and maintenance of the DDaT Directorate's governance, risk, and compliance frameworks.
• Support the identification, assessment, and mitigation of strategic and operational risks across the organisation.
• Contribute to the preparation and review of risk registers and escalate high-risk issues to senior management.
• Assist with the management and development of policies and procedures, ensuring they are regularly reviewed and up to date.
• Monitor risk control measures and report on the effectiveness of mitigation actions.
• Conduct risk assessments and provide advice to the DDaT directorate regarding the management and reduction of risks.
2. Compliance Monitoring & Reporting:
• Support compliance activities by ensuring the DDaT directorate adheres to relevant NHS standards, legislation, and regulatory requirements (e.g., NHS regulatory frameworks, Data Security Protection Toolkit, Payment Card Industry Data Security Standard).
• Prepare and present regular reports for senior management on compliance matters and highlight areas of concern.
• Assist in coordinating audits and inspections to assess compliance with internal and external standards.
• Ensure the DDaT directorate remains compliant with local and national guidance, policies, and standards.
3. Compliance Management:
• Ensure that incidents are recorded accurately and that lessons learned are communicated across the DDaT directorate and organisation.
• Support the investigation of compliance breaches and contribute to the development of corrective and preventative actions.
4. Training & Awareness:
• Assist with the development and delivery of training programs and awareness campaigns for DDaT colleagues on governance, risk management, and compliance matters.
• Promote a governance, risk and compliance culture and ensure DDaT colleagues understand their roles and responsibilities in maintaining high standards.
5. Documentation & Reporting:
• Maintain up-to-date records of risk assessments, compliance activities, and audits.
• Support the preparation of reports for internal and external stakeholders, including regulators, commissioners, and auditors.
• Provide accurate and timely analysis of risk and compliance data to assist with decision-making and improvement initiatives.
6. Continuous Improvement:
• Contribute to the continuous improvement of governance, risk management, and compliance practices within the DDaT directorate and organisation.
• Identify opportunities for process improvements and assist with the implementation of best practice in risk management and compliance activities.
Person specification
Personal Qualities, Knowledge and Skills
Essential criteria
- Proactive mindset with strong problem-solving and critical thinking skills.
- Ability to work independently and collaboratively within a multidisciplinary team.
- Strong interpersonal skills and confidence to build relationships at all levels.
- Commitment to high ethical standards and confidentiality.
- Strong customer service orientation and commitment to delivering value.
Desirable criteria
- Genuine interest in governance, risk and compliance, with a drive to stay current on best practices and trends.
Experience
Essential criteria
- Strong understanding of NHS-relevant regulatory and legislative frameworks (e.g. Data Protection, Health & Safety, CQC).
- Ability to interpret complex regulations and communicate them clearly to diverse audiences.
- Excellent written and verbal communication skills with the ability to simplify complex information.
- Strong analytical skills, capable of assessing risk and interpreting data to draw meaningful insights.
- Proficiency in risk management and reporting tools/software.
- Effective time management and organisational skills, able to meet deadlines under pressure.
Desirable criteria
- Knowledge of NHS-specific policies, frameworks and NHS Digital requirements.
- Experience in coordinating audits and managing compliance assurance programmes.
Qualifications
Essential criteria
- A relevant degree or equivalent professional qualification in governance, risk, compliance or a related discipline.
- Practical experience in a governance, risk or compliance role, ideally within the NHS or public sector.
Desirable criteria
- Professional certification in a relevant discipline (e.g. IRM, CISA, CRISC, CGRC, CGEIT).
- Postgraduate qualification in a related field.
- ITIL Foundation qualification.
- Experience using GRC tools or software platforms.
Further details / informal visits contact
- Name: Tim Robertson
- Job title: Governance, Risk and Compliance Principal
- Email address: [email protected]