Senior Governance Risk and Compliance Analyst

Full Time

Our client is seeking a Senior GRC Analyst to support enterprise-wide governance, risk, and compliance initiatives across a global environment. This role offers the opportunity to work across IT risk management, third-party risk assessments, audit coordination, and security compliance programs, while partnering with cross-functional teams in a highly regulated and security-focused organization. The position plays a key role in strengthening the company's security posture through risk assessments, control monitoring, compliance reporting, and continuous improvement initiatives aligned with frameworks such as ISO 27001, NIST, and COBIT.

The successful candidate will lead and support activities related to risk management, vendor security reviews, audit engagements, and security governance projects, while collaborating closely with IT, Legal, Procurement, and business stakeholders. You will also help drive remediation efforts, manage compliance documentation and reporting, mentor junior analysts, and contribute to the enhancement of security controls, policies, and operational processes. This role is ideal for candidates with strong experience in GRC operations, audit support, and third-party risk management within complex enterprise environments.

Key Responsibilities

Risk Management & Compliance

  • Conduct and lead IT risk assessments, mitigation planning, control reviews, and risk reporting activities.
  • Maintain and oversee risk documentation, ensuring records are accurate, updated, and aligned with stakeholder requirements.
  • Identify, track, and manage risks, issues, and remediation efforts through to resolution.
  • Monitor GRC metrics, dashboards, and KPIs to evaluate compliance performance and emerging trends.
  • Review and manage IT exception and exemption requests through ServiceNow.

Third-Party Risk Management (TPRM)

  • Manage third-party security assessments and support the ongoing maturity of the TPRM program.
  • Evaluate assessment findings, prepare risk summaries, and recommend remediation strategies.
  • Partner with business owners and vendors to address identified security and compliance gaps.
  • Participate in customer and vendor risk discussions, representing the organization's security and compliance posture.

Audit & Regulatory Compliance

  • Support and lead internal and external audit activities, including ITGC, ISO 27001, SOC 1/2/3, and ISAE 3402 engagements.
  • Ensure alignment with industry frameworks and regulatory standards such as ISO 27001, NIST, COBIT, SOX, HIPAA, and GDPR.
  • Coordinate with auditors and internal stakeholders to provide supporting evidence, documentation, and process improvements.

Security Governance & Projects

  • Contribute to the design, enhancement, and monitoring of security controls, policies, and governance processes.
  • Analyze recurring risk and compliance issues and recommend improvements to controls, procedures, or awareness initiatives.
  • Lead or support security and compliance projects, ensuring successful delivery and alignment with business objectives.

Leadership & Cross-Functional Collaboration

  • Act as an escalation point for governance, risk, and compliance concerns.
  • Mentor junior GRC team members by assigning tasks, reviewing outputs, and providing guidance.
  • Collaborate with teams across IT, Legal, Procurement, and business units to support GRC initiatives.
  • Communicate technical and regulatory requirements in a clear, business-focused manner.

Required Qualifications

  • Bachelor's degree or equivalent professional experience.
  • At least 5 years of experience in IT risk management, audit coordination, and security compliance.
  • Strong working knowledge of frameworks such as ISO 27001, NIST SP 800-53, NIST CSF, and COBIT.
  • Experience supporting SOC 1, SOC 2, SOC 3, and ISAE 3402 audits and reporting requirements.
  • Proven experience managing Third-Party Risk Management (TPRM) activities.
  • Familiarity with regulatory and privacy requirements including SOX, HIPAA, and GDPR.
  • Hands-on experience with GRC platforms and tools such as ServiceNow, OneTrust, and SecurityScorecard.
  • Strong analytical, reporting, problem-solving, and stakeholder management skills.
  • Ability to manage priorities effectively while mentoring junior team members.

Preferred Qualifications

  • Relevant certifications such as CISA, ISO Lead Implementer/Auditor, or equivalent security credentials.
  • Experience leading enterprise-wide security or compliance initiatives.
  • Comfortable presenting risk and compliance concepts to non-technical audiences.
  • Demonstrated success in strengthening organizational security and compliance posture.

Education & Certifications

  • Bachelor's degree or equivalent experience required.
  • Industry-recognized certifications in security, audit, or compliance are preferred.

Availability

  • Willingness to provide on-call support when required.
  • Flexibility to work outside standard business hours, including weekends, holidays, or evenings as needed.

Work Setup

  • Onsite (Mandaluyong, NCR)
  • Mid-shift, 3PM to 12MN
  • Competitive salary and benefit package