IT Security GRC Analyst


AMSERS CONSULTING PTE. LTD.
Posted date: a day ago
Minimum level: N/A
Employment type: Full-time
Job category: IT
About the Role

We are seeking a detail-oriented and proactive IT Security GRC (Governance, Risk, and Compliance) Analyst with a minimum of 4 years of relevant experience to support and enhance our cybersecurity risk and compliance programs. This role will help ensure that the organization's information security practices align with regulatory requirements, internal policies, and industry standards.

As an IT Security GRC Analyst, you will work closely with various business and technology stakeholders to monitor, assess, and report on security risks, compliance obligations, and policy adherence across the enterprise.

Key Responsibilities

Governance

  • Support the development, implementation, and maintenance of information security policies, standards, and procedures.
  • Assist in aligning security governance with industry frameworks such as ISO 27001, NIST, CIS, or COBIT.

Risk Management

  • Conduct IT risk assessments and control reviews across business units and systems.
  • Maintain the risk register, track remediation activities, and support risk reporting to management.
  • Collaborate with stakeholders to identify, assess, and mitigate security risks.

Compliance

  • Assist with internal and external audits, ensuring readiness and timely resolution of findings.
  • Monitor regulatory compliance requirements (e.g., GDPR, PDPA, SOX, MAS TRM) and ensure controls are implemented accordingly.
  • Support third-party/vendor risk assessments and compliance due diligence.

Monitoring & Reporting

  • Monitor and track the implementation of security controls and report gaps.
  • Prepare security risk metrics, dashboards, and compliance reports for internal stakeholders.

Awareness & Engagement

  • Contribute to the development of security training and awareness programs.
  • Support change initiatives to strengthen a culture of security compliance and accountability across the organization.

Required Skills & Experience

  • Minimum 4 years of experience in IT security, GRC, risk management, or audit functions.
  • Solid understanding of cybersecurity principles, regulatory frameworks, and risk methodologies.
  • Familiarity with standards such as ISO 27001, NIST, SOC 2, COBIT, CIS Controls, or relevant compliance laws (e.g., GDPR, MAS TRM, PDPA).
  • Experience supporting or conducting internal/external audits and assessments.
  • Strong analytical skills and attention to detail.
  • Effective communication skills, both written and verbal, to interface with technical and non-technical stakeholders.
  • Ability to manage multiple tasks and prioritize in a dynamic environment.

Preferred Qualifications

  • Professional certifications such as CISA, CRISC, CISM, CISSP, or ISO 27001 Lead Implementer/Auditor.
  • Experience working in regulated industries such as financial services, technology, or healthcare.
  • Exposure to GRC tools (e.g., Archer, ServiceNow GRC, OneTrust).

EA License No.: 23S2046

KAH License No.: R1652932

jessica@amsers-con.com
Location: Singapore