Information Technology

GRC Analyst

Day Shift

We have an exciting Manila-based opportunity available for a GRC Analyst to work on day shifts. Work from home or office-based – you choose!

When you join Yempo, you’ll receive the following fantastic benefits:

  • Highly competitive salary – paid weekly!
  • HMO enrollment on commencement
  • Additional HMO dependents added each year of service
  • 20 vacation days per year; 7 sick days
  • Annual performance bonuses and incentives
  • Annual salary reviews and increases
  • Free cooked rice, snacks and hot drinks
  • Company polo shirts provided
  • Fantastic, bright and cheerful open-plan work environment
  • Prestigious clients and highly professional and friendly co-workers

About the Role

The GRC Analyst is responsible for supporting the governance, risk, and compliance (GRC) functions within the security team. This role involves assisting in the implementation and maintenance of security frameworks such as ISO 27001, PCI DSS, ISO 42001, and Cyber Essentials. The GRC Analyst will help identify and manage risks, ensure compliance with regulatory and industry standards, and support security governance initiatives to enhance the client’s security posture.

Key Responsibilities

Security Governance & Compliance

  • Assist in the implementation and maintenance of security frameworks (ISO 27001, PCI DSS, ISO 42001, Cyber Essentials).
  • Support compliance assessments, audits, user access reviews, and internal security reviews.
  • Maintain security policies, standards, and procedures, ensuring they align with industry best practices and regulatory requirements.
  • Collaborate with internal stakeholders to ensure security governance requirements are met.
  • Track and manage security compliance metrics and reporting.
  • Leverage AI-driven tools and automation to enhance security governance and compliance processes.

Risk Management

  • Support risk assessments to identify, assess, and mitigate security risks.
  • Maintain and update the risk register, ensuring risks are tracked and assigned appropriate treatment plans.
  • Assist in third-party risk assessments, evaluating vendors’ security postures.
  • Work with security teams to implement risk mitigation strategies and track remediation efforts.
  • Utilize AI and automation to enhance risk assessment and monitoring capabilities.

Security Awareness & Training

  • Support the development and delivery of security awareness programs to promote a security-first culture.
  • Assist in security training initiatives for employees and key stakeholders.
  • Monitor and report on the effectiveness of security awareness programs.

Audit & Assurance

  • Complete security questionnaires, RFPs and security responses to give customers assurance in Prezzee products and services.
  • Assist in preparing for internal and external security audits, ensuring evidence collection and documentation is up to date.
  • Support remediation efforts following audit findings, tracking corrective actions.
  • Contribute to continuous improvement initiatives to enhance security controls and compliance measures.
  • Implement AI-driven analytics to streamline audit preparation and compliance monitoring.

Your Background

  • 2+ years of experience in security governance, risk, and compliance (GRC) or related fields.
  • Knowledge of ISO 27001, PCI DSS, ISO 42001, Cyber Essentials, and risk management frameworks.
  • Experience conducting risk assessments and maintaining risk registers.
  • Strong written and verbal communication skills for policy writing and reporting.
  • Familiarity with security audit processes and third-party risk management.

Disclaimer for salary ranges. Yempo provides an indicative range of salary that we deem relevant for the advertised role. This may be adjusted for the skills and experience of the selected candidate.
