tombola
Governance, Risk & Compliance (GRC) Analyst

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Governance, Risk & Compliance (GRC) Analyst
Sunderland - hybrid - Perm 🎯 Some roles sit in tech. Some sit in compliance. This one sits right in the middle. We’re looking for someone who can confidently bridge both worlds, understanding the technical detail while translating it into clear, practical guidance across the business. This role has opened up due to an internal promotion into a senior position, something we love to celebrate at tombola as part of how we grow and develop our people. We’re on the lookout for a Governance, Risk & Compliance (GRC) Analyst to join our friendly and growing InfoSec team here at tombola. You’ll be joining a collaborative team of security-minded professionals along side our Operational Security, Offensive Security and IT Support Teams. We take what we do seriously, but we don’t take ourselves too seriously. What you’ll be doing 👀 This is a key role where you’ll sit right at the heart of how we balance security, compliance and innovation. You’ll be helping us shape and deliver an effective technical compliance framework, making sure we maintain a strong security posture while still moving at pace as a business. Working closely with technology teams, compliance, and stakeholders across tombola, you’ll help identify, assess and manage technology and security risks. A big part of your role will be translating complex technical and regulatory requirements into something meaningful and actionable for different audiences across the business. You’ll also: Support the ongoing development and improvement of our ISMS, policies, standards and processes Lead and support audits, working with external partners and Group teams Help ensure our platforms and games meet both local and international regulatory requirements Act as a key point of contact between InfoSec and the wider business, building strong relationships and driving the right outcomes What we’re looking for 🧠We’re looking for someone who’s curious, confident and comfortable operating between technical and non-technical worlds. You don’t need to be hands-on coding, but you do need to understand technology well enough to ask the right questions, challenge where needed and hold your own in conversations with technical teams. You’ll likely bring: A strong understanding of security frameworks, standards or compliance environments The ability to interpret technical concepts and communicate them clearly to different audiences Confidence to challenge, influence and guide stakeholders across the business Strong organisational skills, with the ability to manage multiple priorities We’d also love someone who: Is naturally inquisitive and enjoys getting into the detail Is comfortable asking questions and challenging the status quo Enjoys working with a wide range of people and building relationships Takes pride in doing things thoroughly and properly Ways of working 🤝 This role is based at our Sunderland HQ, with a hybrid approach of 3 days in the office and 2 days working from home. That means plenty of time collaborating with the team, alongside space to focus and get stuck into the detail. Why tombola 🚀 We’re a business built on innovation, collaboration and doing things differently. We’re always looking to improve how we work and we genuinely welcome new ideas and perspectives. If you’re looking for a role where you can make an impact, grow your career and be part of a team that backs each other, we’d love to hear from you. At tombola we know that our differences make us stronger and that thinking differently is key to long term success. We work hard to create a culture of inclusivity where everyone can celebrate our Free to be mevalue. We are committed to creating opportunities for everyone here at tombola, we welcome applications from all backgrounds and encourage individuals to apply, even if you don’t meet every requirement.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills