GRC Analyst

About Our Client

The client is a multinational fintech offering the best digital wealth management technologies.

Job Description

• Assist in the development, implementation, and maintenance of a governance, risk, and compliance framework.
• Collaborate with internal stakeholders to identify compliance requirements and develop processes to ensure adherence.
• Prepare reports and present findings to management, highlighting areas of non-compliance and recommending corrective actions.
• Coordinate and facilitate the IT & Cybersecurity portion of all risk and compliance audits with the business units annually, and work with external audits performing the independent audits.
• Monitor changes in regulatory requirements and industry best practices and make recommendations for adjustments to policies and procedures.
• Provide support to internal and external auditors and execute remediation plans when audit issues and concerns are raised.
• Support vendor due-diligence process, respond adeptly to client questionnaires and help to lead and define overall third-party risk management efforts.
• Support the InfoSec GRC team in implementing and maintaining the necessary control frameworks to support IT Control self-assessments across the organization.
• Support various Apex departments in their annual IT Control self-assessment in the role of an IT risk and control SME.
• Champion transparency through the deployment of insightful operational metrics and KPIs.
• Stay up to date with emerging trends and developments in the field of governance, risk, and compliance.
• Communicate and report to the InfoSec leadership team regarding control testing status, audit issues and deadlines.
• Leverage learning management system(s) (e.g. LinkedIn Learning) to stay current with IT and security technologies, trends, vulnerabilities, and threats to be a value-added member of the team.

The Successful Applicant

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity or equivalent combination of education and experience
• Minimum 2 years of professional experience in the information security or information risk management field.
• Experience in collaborating with engineering teams and external agencies, serving as a critical liaison or auditor.
• CISA, CRISC or CISSP, certificate preferred
• Amenable to a hybrid work arrangement - twice per week onsite
• Amenable to a morning shift

What's on Offer

• Base Pay
• Allowances
• Leaves
• Health Benefits
• Training & Development