Hermès
Governance, Risk, and Compliance (GRC) Specialist (1 Year Contract)
Hermès · Singapore · 8 days ago
Contract · Information Technology

We are seeking a highly motivated Governance, Risk, and Compliance (GRC) Specialist to strengthen our organization’s security posture and ensure adherence to regulatory and industry standards. The GRC Specialist will support the design, implementation, and monitoring of risk management, compliance, and governance processes across the enterprise.


This role will act as a trusted partner to the regional CISO, helping coordinate strategic initiatives, manage priorities, follow up on action items, and ensure smooth communication across departments and stakeholders.


The ideal candidate combines strong organizational and communication skills with an understanding of cybersecurity, risk management, and compliance. This position is well-suited for someone looking to develop a career in information security leadership and governance.


Key Responsibilities:


Governance & Policy Management

  • Develop, update, and maintain security and compliance policies, procedures, and guidelines.
  • Ensure alignment of policies with industry best practices, frameworks (ISO 27001, NIST, SOC 2, etc.), and regulatory requirements (GDPR, PIPL, PDPA, etc.).


Risk Management

  • Support the risk assessment process by identifying, analyzing, and reporting risks.
  • Maintain the risk register and track remediation activities.
  • Collaborate with business units to implement effective risk mitigation strategies.


Compliance & Audit

  • Assist with internal and external audits (ISO 27001, SOC 2, PCI-DSS, etc.).
  • Gather and organize evidence of compliance for auditors and regulators.
  • Monitor changes in applicable regulations and frameworks to ensure ongoing compliance.


Awareness & Training

  • Support security awareness initiatives and training programs.
  • Promote a culture of compliance and risk awareness across the organization.


Reporting & Monitoring

  • Prepare periodic reports and metrics for management on risk, compliance, and governance activities.
  • Monitor control effectiveness and compliance status across business units.


Qualifications & Skills

  • Bachelor’s degree in Information Security, Risk Management, Computer Science, or a related field (or equivalent experience).
  • 2–5 years of experience in GRC, risk management, information security, or audit.
  • Knowledge of standards and frameworks such as ISO 27001, SOC 2, NIST CSF, CIS Controls.
  • Familiarity with data privacy regulations (GDPR, PDPA, etc.).
  • Strong analytical, organizational, and communication skills.
  • Experience with GRC tools (e.g., Archer, ServiceNow GRC, OneTrust) is a plus.
  • Professional certifications such as CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or CISSP are advantageous.


What We Offer:

  • Opportunity to work closely with senior leadership in shaping the company’s cybersecurity strategy.
  • Exposure to global security, compliance, and risk management initiatives.
  • Professional development and training opportunities in cybersecurity and leadership.
  • Collaborative and inclusive work environment.
