GRC Analyst

The GRC Engineer/Analyst supports the organizations security governance and compliance initiatives. This role assists in risk assessments, policy development, internal audits, vendor security reviews, and compliance with industry frameworks such as ISO 27001, SOC 2 etc. The candidate will collaborate with technical and business teams to improve the overall security posture.

• →Assist in conducting risk assessments and tracking remediation actions.
• →Support the creation, review, and maintenance of security policies, standards, and procedures.
• →Participate in internal audits, evidence collection, and compliance reporting.
• →Help monitor and evaluate security controls across IT and cloud infrastructure.
• →Work on third-party/vendor risk assessments and due-diligence activities.
• →Contribute to the Information Security Awareness Program (training, awareness content).
• →Support governance activities related to:
• →ISO 27001
• →SOC 2 Type I & II
• →GDPR and data protection requirements
• →Help document and track incidents and corrective actions in coordination with SOC/IT.
• →Assist in maintaining the risk register and compliance dashboards.
• →Perform gap assessments against security frameworks and best practices (e.g., NIST CSF).
• →Stay up to date on emerging cybersecurity risks and regulatory changes.

• Bachelors degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• At least one year of experience in the field of GRC/Information security
• Basic knowledge of information security principles, risk management, and compliance frameworks.
• Familiarity with ISO 27001, SOC 2, NIST, or similar standards (academic or training exposure acceptable).
• Strong analytical thinking, problem-solving skills, and attention to detail.
• Good communication and documentation skills (English verbal & written).