You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Rosemary A.RA

Rosemary A.

GRC Analyst | ISO27001,SOC 2 Compliance Specialist

£300/day
Sheffield, GB
3-7 years

Average response time: 1 hour

About Rosemary

I help businesses make sense of risk and compliance—without the jargon or unnecessary complexity. As a GRC analyst, I turn regulatory requirements into clear, practical actions so you can stay compliant and move forward with confidence.

From risk assessments and control testing to policy writing and audit readiness, I support organisations at every stage of their GRC journey. Whether you’re building a framework from scratch or tightening up existing processes, I focus on solutions that actually work in the real world.

What makes me different? I don’t just point out risks—I help you fix them in a way that fits your business. Clear, pragmatic, and aligned with your goals.
  • English

    Native or bilingual

Remote only
Primarily works remotely

Experience

  • Freelancer
    GRC Analyst
    ENERGY AND UTILITIES
    August 2023 - Today (3 years)
    Rotherham, United Kingdom
    • Delivered GRC, information security, and compliance solutions for clients across the e-commerce, financial services, and healthcare sectors.
    • Led ISO 27001 implementation and audit readiness initiatives, developing and enhancing ISMS documentation, policies, risk registers, and control frameworks to support successful certification and continual improvement.
    • Designed and implemented information risk assessment and risk treatment frameworks, reducing compliance gaps by 30% and strengthening governance and decision-making.
    • Coordinated cross-functional stakeholders and third-party providers to drive control implementation, monitor remediation activities, and ensure alignment with business and regulatory requirements.
    • Conducted internal audits and compliance assessments against ISO 27001, COBIT, PCI DSS, and SOX, improving audit readiness and reducing audit findings by 25%.
    • Developed and enhanced governance policies, standards, and procedures aligned with ISO 27001 and information security best practices.
    • Collaborated with IT and business teams to strengthen information security and data governance controls, reducing unauthorised access incidents by 20%.
    • Implemented compliance monitoring and reporting processes that improved reporting efficiency by 40% and enhanced management visibility of risk and compliance performance.
    ISO 27001 SOC2 GRC (Governance, Risk and Compliance) Regulatory Compliance (ISO 27001, NIST, GDPR) Third-Party Risk Management (TPRM) & Vendor Due Diligence
  • SecureNet Dynamics Ltd.
    Risk & Compliance Specialist
    October 2022 - August 2023 (10 months)
    • • Led third-party risk assessments for over 15 vendors, successfully reducing vendor-related security risks by 20%.
    • • Designed and delivered security awareness training for 50+ employees, increasing policy compliance by 35%.
    • • Coordinated cross-functional teams to ensure alignment with ISO 27001 , directly contributing to the organization's successful certification.
    • • Developed a risk escalation process that improved response times to compliance issues by 50%.
  • SecureNet Dynamics Ltd.
    Risk & Compliance Specialist
    October 2022 - August 2023 (10 months)
    • Led third-party risk assessments for over 15 vendors, reducing vendor-related security risks by 20% and ensuring contract compliance.

Recommendations

Be the first to recommend Rosemary

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Master of Laws
    Sheffield Hallam University
    Master of Laws
  • Completion of Personalized Mentorship in GRC
    Bugfreak Academy.
    Completion of Personalized Mentorship in GRC

Skill set

Categories