governance, risk and compliance

BASIC FUNCTIONS

The GRC Specialist will be responsible for developing, implementing, and maintaining governance, risk management, and compliance frameworks and policies. This role requires a strong understanding of regulatory requirements, industry standards, and best practices in GRC.

Essential Duties and Responsibilities:

1. General Responsibilities:

2. Assists in the development and implementation of GRC policies, standards, programs, and procedures in alignment with industry best practices and regulatory requirements.

3. Assist in establishing and maintaining an effective and robust GRC governance framework to ensure effective oversight and decision-making.
4. Stay abreast of relevant laws, regulations, and industry standards pertaining to Governance, Risk, and Corporate and Industry-specific regulations.
5. Continuously evaluate and enhance GRC processes to adapt to changing threats, technologies, and business needs.
6. Conduct benchmarking activities to compare the organization's GRC practices against industry standards and best practices.
7. Work closely with cross-functional teams (e.g., IT, Legal, HR, Operations) to ensure alignment on risk management and compliance initiatives.
8. Continuously evaluate and improve the organization's GRC processes and tools, leveraging industry best practices, automation, and innovative solutions.
9. Assist in the design and implementation of risk and compliance management strategies, including business continuity and incident response plans.

10. May be assigned other tasks from time to time.

11. Corporate Governance Oversight:

12. Participate in the preparation of Corporate Governance documents including Governance Manual, Delegation of Authority Manual, Board and committees' charters and Board Policies

13. Follow up on new regulations & regulations changes, assess the impact, and ensure compliance to SEC, BSP and other mandatory regulatory requirements for the Board.
14. Participate in the preparation and review of disclosure related forms such as Related Parties, Conflict of Interests, Competing Business, Independence, etc.
15. Serve as the Secretariat support to the Board of Directors and its committees.
16. Coordinate and prepare materials for Board meetings, including agendas, background documents, and action logs.
17. Identify and documenting action items and responsible parties on Board and management level meetings.
18. Following up on deliverables to ensure timely completion and reporting delays or risks.
19. Ensuring minutes and board-related and management-related documentation are stored according to TPI's standards.

20. Supporting logistical coordination with departments for board meeting requirements.

21. Enterprise Risk Assessment Support:

22. Assists in the development and implementation of the organization's Enterprise Risk Management program.

23. Conduct regular risk assessments to identify, evaluate, and prioritize risks across the organization, ensuring timely mitigation actions are implemented.

24. Conducts risk reviews with business stakeholders and senior management to ensure risks are effectively managed and mitigated.

25. Internal & External Assessments and Audits:

26. Support internal and external audit efforts, including coordination with auditors, preparing audit materials, and tracking findings and resolutions.

27. Monitor remediation activities following audits to ensure any identified gaps are addressed in a timely manner.
28. Assist and lead multiple customer security audits.
29. Respond to customers' security questionnaires.

30. Conducts assessments of third-party vendors and service providers to ensure they meet the organization's security and contractual requirements.

31. Training and Awareness:

32. Conduct or support GRC awareness training for technical and non-technical staff.

33. Promote a culture of compliance and proactive risk management within the organization.
34. Responsible for maintaining, improving and testing TPI's business continuity program
35. Support TPI's Business Continuity Management Team in implementing responses to emergencies and  other disasters that could impact the business.
36. Assist the Legal and Compliance Manager in coordinating with Third Parties for defined governance and provide status reports on Risk and Compliance.

37. Assist in training and awareness across all levels of the organization to promote a culture of responsible compliance.

38. Monitoring and Reporting:

39. Prepare regular compliance and risk reports for senior leadership, highlighting key risk areas, trends, and performance against key compliance metrics.

40. Submit required compliance reportorial requirements to regulators

41. Ensure documentation is maintained for all key GRC activities, including risk registers, audit logs, and compliance status reports.

42. Business Continuity and Incident Management Support

43. Maintain and improve TPI's Business Continuity Program.

44. Support the Business Continuity Management Team during emergencies and disruptions.
45. Participate in business continuity drills and risk scenarios to evaluate TPI's readiness.

Job Requirements:

• Strong knowledge of governance, risk, and compliance (GRC) processes.

• Familiarity with security practices, infrastructure, cloud environments, and third-party risk.

• Excellent written and verbal communication skills, with the ability to clearly document controls and risks.

• High attention to detail and organizational skills. Responsible for maintaining, improving and testing TPI's business continuity program

• Support TPI's Business Continuity Management Team in implementing responses to emergencies and other disasters that could impact the business.
• Assist the Legal and Compliance Manager in coordinating with Third Parties for defined governance and provide status reports on Risk and Compliance.

• Assist in training and awareness across all levels of the organization to promote a culture of responsible compliance.

• Proficiency in Microsoft Office, GRC tools, risk registers, and reporting tools

Educational Requirements:

• Candidates must possess at least a Bachelor's Degree in Information Technology, Computer Science, Information Security, or a related field.

• 3–5 years of experience in IT risk management, compliance, or IT audit—preferably in the fintech, banking, or regulated financial services sector.

• Hands-on experience working with regulatory frameworks such as BSP Circulars, ISO/IEC 27001, PCI-DSS, NIST, or COBIT.

Preferred Certifications (a plus):

• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• ISO 27001 Lead Implementer
• ITIL Foundation