
Information Security GRC Specialist

Remote: Full Remote
Salary: 27 - 27K yearly
Experience: Mid-level (2-5 years)

Offer summary

Qualifications:

  • Bachelor's Degree in Information Security or related field
  • 3-5 years of experience in GRC or cybersecurity
  • Certifications like CISSP, CISA preferred
  • In-depth knowledge of risk management frameworks

Key responsibilities:

  • Conduct risk assessments and develop mitigation strategies
  • Monitor compliance with internal controls and security policies

Remote Employee PH Human Resources, Staffing & Recruiting Scaleup https://www.remoteemployee.ph/
201 - 500 Employees

Job description

Remote Employee BPO has a great opportunity for you!

Role: Information Security GRC Specialist

Salary: Competitive Basic Salary

Benefits: HMO plus 2 Free Dependents, P1,500 Rice Allowance, Night Differential.

Work set up: Work from Home

Shift schedule: 5-day work week, 8:00 p.m. to 5:00 a.m. Philippine Time


Job Duties and Responsibilities: 

  • Conduct risk assessments to identify vulnerabilities and threats and develop mitigation strategies.
  • Develop and implement GRC frameworks, policies, and procedures aligned with industry standards such as NIST, ISO 27001, SOC 2, HIPAA, PCI DSS, and GDPR.
  • Monitor and ensure compliance with internal controls, regulatory requirements, and security policies.
  • Manage audits, including ISO 27001 and SOC 2 certifications, and provide documentation to internal and external audit teams.
  • Implement automated GRC processes to continuously monitor information security controls, risks, exceptions, and testing.
  • Evaluate security incidents, vulnerability scans, penetration test results, and risk assessments to recommend corrective actions.
  • Document and report control failures, gaps, and remediation plans to stakeholders.
  • Develop security standards, procedures, and controls to manage and mitigate risks across the organization.
  • Maintain a central repository of compliance and audit evidence, ensuring readiness for assessments.
  • Provide training and guidance to staff on security standards and regulatory compliance.
  • Prepare reports and presentations for leadership on risk management, compliance performance, and cybersecurity strategies.
  • Stay current on technological advancements, security best practices, and regulatory changes to serve as a technical resource for the organization.
  • Support incident response operations, business continuity planning, and disaster recovery initiatives.

Qualifications:

  • Bachelor's Degree in Information Security, Cybersecurity, Business Administration, or a related field. Equivalent experience may substitute for educational requirements.

Certifications (Highly Preferred):

  • CISSP, CISA, CISM, CRISC, or similar certifications.

Experience:

  • 3-5 years of experience in governance, risk, and compliance (GRC), cybersecurity, or a related field.
  • Experience in highly regulated industries such as healthcare, financial services, or education is preferred.

Technical Knowledge:

  • In-depth knowledge of risk management frameworks (e.g., NIST, ISO 31000) and compliance regulations (HIPAA, PCI, SOC 2, GDPR, etc.).
  • Familiarity with GRC tools like ServiceNow, Archer, or MetricStream.
  • Expertise in cybersecurity principles, network infrastructure, and information systems auditing.

Skills:

  • Strong analytical and problem-solving skills with the ability to interpret and apply complex regulatory requirements.
  • Proficiency in developing and implementing governance, risk, and compliance strategies.
  • Effective communication and interpersonal skills to collaborate with cross-functional teams and present findings to stakeholders.
  • Proficiency in preparing dashboards, reports, and metrics related to security and compliance performance.

Abilities:

  • Apply a risk-based approach to auditing, risk assessment, and remediation activities.
  • Handle sensitive and confidential information with integrity.
  • Work independently while managing multiple tasks and deadlines.
  • Adapt to high-pressure situations and resolve issues calmly and effectively.


Required profile

Experience

Level of experience: Mid-level (2-5 years)
Industry: Human Resources, Staffing & Recruiting
Spoken language(s): English

Other Skills

  • Governance
  • Security Policies
  • Problem Solving
  • Social Skills
  • Communication
  • Analytical Skills
