Compliance Senior Analyst

Job Title: Compliance Senior Analyst

Location: Mandaluyong City

Job Type: Full-Time

Shift: Night Shift

Salary: Competitive Salary + Benefits (40K - 50K)

About the Role:

We are looking for a detail-oriented and proactive Compliance Senior Analyst to join our Governance, Risk & Compliance (GRC) team. This is an exciting opportunity for someone passionate about continuous improvement, risk management, and ensuring compliance across a global organization. As a key player in our compliance program, you will work closely with technical teams to track risks, optimize processes, and ensure alignment with regulatory standards.

Key Responsibilities:

• Lead and evolve the enterprise-wide Continuous Monitoring (ConMon) program, ensuring vulnerabilities are identified, tracked, and remediated with accurate reporting and documentation.
• Conduct recurring control assessments to evaluate the effectiveness of technical, administrative, and operational safeguards, utilizing results to improve the Common Control Framework (CCF).
• Develop and maintain the Common Control Framework (CCF), ensuring alignment across multiple regulatory and certification requirements, such as SOC 2, ISO 27001, PCI-DSS, NIST 800-53, DORA, C5.
• Manage the risk exception and deviation process, including intake, review, documentation, and tracking of compensating controls.
• Facilitate regular compliance syncs with internal teams (e.g., Security, IT, Legal, Privacy), driving action item closure and ensuring visibility of risks.
• Support audit readiness by aligning evidence to controls, updating documentation, and coordinating with process owners to demonstrate compliance posture.
• Maintain core compliance documentation, including policies, SOPs, control narratives, risk registers, and corrective action plans.
• Assist in incident response documentation, focusing on compliance impacts, reporting obligations, and post-incident reviews.
• Collaborate with Security and Engineering teams to review vulnerability scans and threat intelligence, prioritizing remediation.
• Develop and manage compliance dashboards and metrics to track the program's health and maturity.
• Continuously improve compliance processes, identifying opportunities for automation, reducing manual tasks, and evolving the CCF to address emerging risks.

Qualifications:

• 3+ years of experience in compliance, audit, security assurance, or a related field within a technology or SaaS environment.
• Strong knowledge of regulatory frameworks, including NIST SP 800-53, SOC 2, ISO 27001, and PCI-DSS.
• Experience with vulnerability management, risk assessments, and control testing.
• Proven ability to collaborate with technical and business teams, managing multiple priorities in a fast-paced environment.
• Strong documentation skills and attention to detail.
• Bachelor's Degree in a relevant field (or equivalent professional experience).

Preferred Skills:

• Familiarity with vulnerability scanning tools such as Tenable, Wiz, or similar.
• Experience with GRC platforms (e.g., OneTrust, Drata, ServiceNow).
• Certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor/Implementer.
• Knowledge of data protection regulations like GDPR, HIPAA, or DORA.

Company Benefits:

• Company Stocks
• Annual merit increase based on performance
• 15% night shift differential pay
• Paid leave with cash conversion
• HMO with free dependents
• Retirement plan
• Life Insurance
• Internet and meal allowance (while on work from home setup)
• Employee Assistance Program for mental and social well-being
• Government-mandated benefits (SSS, PhilHealth, PagIBIG, 13th month pay, solo parent leave, special leave for women)

Job Types: Full-time, Permanent

Pay: Php40, Php50,000.00 per month

Benefits:

• Company Christmas gift
• Company events
• Health insurance
• Life insurance
• Opportunities for promotion
• Paid training
• Promotion to permanent employee
• Work from home

Education:

• Bachelor's (Preferred)

Experience:

• Compliance, audit and security assurance: 3 years (Preferred)
• Tenable, Wiz, or other vulnerability scanners: 3 years (Preferred)
• GRC platforms (e.g., OneTrust, Drata, ServiceNow).: 3 years (Preferred)

License/Certification:

• CISA, CISSP, CRISC, or ISO 27001 Lead Auditor/Implementer. (Preferred)
• GDPR, HIPAA, or DORA. (Preferred)

Work Location: In person