Kuala Lumpur, Federal Territory of Kuala Lumpur, MY, 50470
GRC Analyst
We are seeking a highly motivated and detail-oriented GRC Analyst to join our team. The GRC Analyst will assist in the development, implementation, and management of governance, risk, and compliance programs. The GRC Analyst is responsible for supporting the organization's information security governance framework, risk management processes, and regulatory compliance efforts. As part of the Second Line of Defense, the GRC Analyst helps ensure security risks are identified, assessed, and mitigated, and that policies, standards, and procedures are implemented to maintain compliance with internal and external requirements.
- Risk Management:
- Contribute to identifying, assessing, and documenting risks and controls.
- Facilitate risk assessments and internal audits to evaluate the effectiveness of existing controls.
- Identify and report on IT risk, including security breaches, to initiate corrective action and meet business and regulatory requirements.
- Facilitate independent IT risk assessments and IT risk management process reviews, including third-party service providers, to ensure they are performed efficiently and effectively.
- Act as coordinator and point of contact in cyber risk management activities, i.e. cyber risk measurement, prevention, detection, and recovery.
- Stay abreast of the latest cyber security practices, technologies, incidents, and emerging threats.
- Oversee incident response planning, as well as the investigation of cyber security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
- Compliance:
- Support the implementation and maintenance of compliance programs to ensure adherence to regulatory requirements.
- Assist in the preparation and submission of compliance reports.
- Governance:
- Contribute to the development and maintenance of governance frameworks, standards, guidelines, policies and procedures.
- Support the monitoring and enforcement of governance standards across the organization.
- Data Analysis and Reporting:
- Collect and analyze data to identify trends, issues, and areas for improvement.
- Assist in preparing reports and presentations for senior management and other stakeholders.
- Training and Awareness:
- Assist in the development and delivery of training programs to educate employees on GRC policies and procedures.
- Contribute to promoting a culture of compliance and risk awareness throughout the organization.
- Documentation:
- Maintain accurate and up-to-date documentation of all GRC activities.
- Assist in the development and maintenance of risk registers, compliance matrices, and other GRC-related documentation.
Job Requirements:
- Hands-on experience in Information Technology and risk assessment in the Financial / Banking Industry.
- Familiarity with the financial services sector, financial transactional processes, technology systems, regulatory requirements and internal controls (e.g. BNM RMIT, e-money guidelines, outsourcing guidelines, risk governance and business continuity management).
- Competence in the use of standard Microsoft Office Suite applications.
- In-depth knowledge of industry-standard technology, information and cyber risk/security management frameworks.
- Process knowledge of regulatory supervision on IT risk.
- Minimum Degree in Computer Science or equivalent technical degree.
- 1-2 years of experience in GRC, risk management, compliance, or a related field (internship experience acceptable).
- Basic understanding of GRC concepts and frameworks (e.g., ISO 27001, NIST, GDPR).