GRC Analyst

About Us: At , our mission is to solve cybersecurity for SMBs at scale. We believe small businesses are the engine behind innovation and growth. Understanding the challenges that our customers have enables us to design and refine scalable cybersecurity services that support a secure growth path. This is reflected in everything we do from the programs we build, to the partnerships we have developed with companies such as Vanta, Prescient and Sumo Logic.

Role Overview: We are seeking a results-driven GRC Analyst to contribute to the rapidly growing professional services team into a best-in-class global operation. The GRC Analyst is primarily responsible for conducting and delivering ISO internal audits for our growing client base.  In addition, this role will also work closely with and provide support to our vCISO and Security Analyst teams, acting as a crucial link in our compliance and security assurance efforts.  This role is remote and can be located anywhere in the Philippines.  There are two available positions: 1 will be working in the AEST timezoneand 1 in PST timezone.

Responsibilities:

• Lead and conduct internal audits against the ISO 27001 framework to ensure compliance, identify non-conformities, document internal audit findings and complete executive reviews.
• Assist vCISOs and Security Analysts in supporting clients with their compliance journey - perform comprehensive security reviews of third-party vendors to assess their security posture and manage supply chain risk, and respond to client and prospect security questionnaires in a timely manner.
• Help drive improvements in our best-in-class security services through the creation of internal knowledge-base articles and GRC documentation.
• Support the design and development of Kobalt's service offerings through insightful feedback and a positive attitude.
• Build new tools and techniques to compress human-intensive tasks into work that can be achieved in a fraction of the time
• Support the design and development of Kobalt's service offerings through insightful feedback and a positive attitude as a contributing member of our security delivery team
• Help drive improvements in our best-in-class security services through the creation of knowledge-base articles and services documentation
• Respond to and engage our customers through our ticket system, chat, email, phone, or other mediums as required
• Complete technical certifications to help gain the necessary technical knowledge and support Kobalt vendor partnerships

Qualifications:

• 2 years of experience in GRC, Internal Audit, Information Security, Technology Risk, or related fields.
• Direct experience with governance frameworks, particularly ISO 27001, and experience conducting internal audits.
• Customer-first focus, with the ability to support both internal teams and external client inquiries.
• Excellent ability to communicate effectively, both verbally and in writing, with clients and internal audiences.
• Strong understanding of cybersecurity domains, including Security Operations, Security Engineering, and Information Risk Management.
• Exceptional written communication skills, with a demonstrated ability to produce clear, concise, and professional reports for various audiences.
• Self-initiative with strong time management and the ability to perform in high-paced environments.
• Can work independently and with teams to identify and resolve challenges and overcome roadblocks.
• Ability to quickly learn and adapt security best practices to a wide variety of technologies.

Nice to have:

• Professional certification such as CISA, ISO 27001 Lead Auditor/Implementer, or GRCP is desired but not required.
• Enthusiasm, curiosity, and a thirst for knowledge.
• Familiarity with technical system access controls and how to apply them.
• A strong team player with the ability to provide on-the-job training and knowledge sharing to other team members.
• Familiarity with GRC platforms, like Vanta.

Benefits:

• Competitive salary and equity options
• Comprehensive health, dental, and vision insurance
• Remote, flexible work arrangements within the required time zone
• Professional development opportunities
• Fun and inclusive company culture