Skip to content

Junior Security Analyst – GRC

Relevant Experience: 0-1 years

Job Description

Information Security and Compliance Analyst will be a member of the information security team and assist with a wide range of information security tasks including, but not limited to ISMS policy, SOC2 compliance procedure creation and improvement, and technical controls implementation, auditing and review including Cloud and Devops security. As part of this position, the successful candidate will work closely with teams across the organisation from HR, accounting, administration, IT, and engineering to ensure our standards are both sufficient to maintain our security posture and being adhered to by all parts of the organisation.


The Analyst will be expected to:

  1. Support on compliance reviews, certifications and accreditations (e.g. ISO27001, SOC2, GDPR etc).
  2. Review, Monitor, Audit, Report Cloud and Devops Security and recommend appropriate measures as per best practices.
  3. Enhance risk and compliance strategy in alignment with internal controls, audit and business requirements and objectives.
  4. Review, assess and document current internal controls.
  5. Translate legal and regulatory requirements into a unified collection of processes and provide the respective stakeholders with compliance requirements and methodologies.
  6. Facilitate Client assessments.
  7. Collaborate with engineering, product and cloud teams to ensure security compliance and continually improve processes.
  8. Facilitate internal & external audits and conduct reviews to verify compliance.
  9. Manage all internal and external audit findings and ensure their remediation on an agreed schedule with the respective stakeholders.
  10. Collaborate with the privacy team and the data management team on implementation of global policies.
  11. Managing security incidents and taking appropriate corrective actions.
  12. Define risk and compliance metrics and provide monthly reporting to management, including gaps in policy and proposed resolutions.
  13. Maintain a risk register and manage risk mitigation plans.
  14. Frequently update domain knowledge by tracking incoming regulations, maintaining knowledge of relevant frameworks and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organisations and obtaining relevant certifications.
  15. Conduct trainings on information security awareness for new joiners .

Experience & Qualifications

  1. Must be a Graduate. Preferably in Computer Science / Computer Applications / Business Administration.
  2. Possess excellent listening skills and proficient oral and written communications.
  3. Have a proven ability to work effectively in a loosely structured team environment that demands a high degree of cooperation, flexibility, teaming, cross group and real-time responsiveness.
  4. Excellent written and verbal communication skills, as demonstrated by prior experience writing policies and/or providing company-wide trainings.
  5. Ability to synthesize both complex and ambiguous requirements into actionable plans, as demonstrated through prior experience managing cross-functional programs.
  6. Ability to foresee security and privacy risks and identify reasonable mitigation strategies that fit the business context.
  7. People-oriented with the ability to build relationships, persuade stakeholders and manage conflict across a variety of functions and skill levels.
  8. Identify control gaps and support remediation of findings.
  9. Ability to contribute to internal ISO 27001 assessments.
  10. Contribute to and achieve business and departmental goals and objectives.