Senior IT GRC Analyst
About Our Client Partner: Our client partner is a leading and dynamic conglomerate. They are committed to maintaining the highest standards of IT governance, risk management, and compliance across their diverse portfolio. Joining their team means becoming part of an innovative environment where your expertise directly contributes to safeguarding critical information and ensuring robust operational integrity.
The Role: Senior IT GRC Analyst
We are seeking a highly skilled and proactive Senior IT GRC Analyst to play a crucial role in our client partner's organization. This position is responsible for developing, implementing, and maintaining IT governance, risk management, and compliance programs throughout their extensive network of companies. The ideal candidate will possess a robust background in IT security, risk assessment, and regulatory compliance, coupled with exceptional communication and collaborative skills to effectively engage with stakeholders at all levels.
Key Duties & Responsibilities:
Develop and maintain comprehensive IT governance, risk management, and compliance frameworks.
Implement and manage effective IT controls and procedures for robust risk mitigation and adherence to applicable regulations and industry standards (e.g., PDPA, HIPAA, ISO 27001).
Monitor and evaluate IT security policies, procedures, and controls to ensure ongoing effectiveness and regulatory adherence.
Provide expert guidance and support on IT risk management, compliance issues, and evolving regulatory requirements.
Coordinate and assist with both internal and external audits, including meticulous preparation of all necessary audit documentation.
Stay updated with emerging trends, cutting-edge technologies, and significant regulatory developments in IT GRC and cybersecurity.
Contribute significantly to IT GRC training and awareness programs, fostering a strong security and compliance culture across the organization.
Requirements:
A detail-oriented individual with a proactive approach to problem-solving, capable of adapting to changing information and dynamic situations.
An Academic Degree or Qualification in Information Security, Computer Science, or Information Technology.
Possession of at least one professional certification such as SSCP, Security+, ISO 27001 Lead Auditor, ISO 22301 Lead Implementer, or ISO 27701 Lead Implementer is highly preferable.
2-3 years of proven experience in a GRC function or an information security role within the industry.
Demonstrable experience in developing and implementing information security compliance programs.
Strong knowledge of relevant security frameworks and standards (e.g., NIST 800-53, NIST CSF, ISO 27001, ISO 27701).