Information Security GRC Analyst I (Hybrid)

About The Position

Requirements

• 1+ years of audit, technical compliance, or information security experience.
• Bachelor’s degree in information systems (IS), Cybersecurity, or related field; or an equivalent combination of training and progressively responsible experience that will result in the required specialized knowledge and abilities to perform the assigned work in lieu of degree.
• Strong understanding of IT governance, risk management, and compliance frameworks (e.g., ISO 27001, NIST, COBIT, PCI-DSS), with proven experience in conducting risk assessments, audits, and compliance initiatives.
• Self-motivated professional with excellent analytical, problem-solving, and communication skills, and the ability to work both independently and collaboratively in a fast-paced environment.
• Demonstrated ability to lead security projects and initiatives from conception to completion.
• Relevant certifications such as CISA, CISM, CRISC, or CISSP are highly desirable.

Nice To Haves

• Understanding of networking protocols, encryption algorithms, Cloud security concepts and familiarity with industry recognised security technologies.
• Foundational understanding of Gen AI concepts, AI-specific risks, to ensure that internal AI initiatives align with emerging governance frameworks and ethical guidelines.
• Ability to automate security and operational tasks using scripting languages (e.g., Python, PowerShell, Bash).

Responsibilities

• Support the development, implementation, and maintenance of IT governance frameworks (e.g., COBIT, ITIL), ensuring alignment with organizational and regulatory requirements.
• Oversee the lifecycle of IT policies and standards, including creation, review, approval, communication, and monitoring for compliance.
• Manage third party vendor risk, including AI and cloud service providers, by conducting due diligence, security and compliance assessments, contract/control reviews, and ongoing performance and risk monitoring.
• Support IT risk management by identifying, assessing, and tracking technology risks, maintaining risk registers, and coordinating mitigation and monitoring activities with control owners.
• Perform internal audits and assist in evidence collection for client audits and compliance frameworks, including but not limited to ISO 27001, PCI, SOX, SOC 1 & 2, and other relevant standards.
• Conduct phishing simulation campaigns, perform meaningful analysis of results, and manage the overall security awareness program to drive continuous improvement in user security behaviour.
• Provide expert support in the assessment, design, implementation, and ongoing enhancement of technical controls and processes, including reviewing IT systems and tools to ensure appropriate controls are in place.
• Collaborate with control owners and system administrators to review test findings, remediate IT control gaps, and drive improvements that enhance the quality, consistency, and operability of new and existing controls.
• Lead the completion of client security questionnaires and RFPs, ensuring accurate and timely responses.

Benefits

• Hybrid work model provides a flexible work/life balance
• Voluntary Provident Fund is an additional voluntary contribution scheme associated with the statutory Employee Provident Fund (EPF)
• Our Gift of Knowledge Program provides tuition assistance and substantial discounts for our employees and close family members
• Comprehensive health benefits new hire eligibility starts on day 1 of employment
• Generous Paid Time Off includes National holidays(10), Earned leaves(15), sick leave(12), plus one (1) volunteer day to participate and give back to our local communities
• Gratuity is applicable upon completion of 5 years as per the Gratuity Act
• We are committed to providing a supportive and rewarding work environment where every employee can thrive.