About the role:
We are looking for a detail-oriented and proactive GRC (Governance, Risk and Compliance) Analyst to join our team. This role will be based in Sri Lanka and will support operations aligned with U.S. Central or Eastern time zones. The GRC Analyst will work closely with and support two Senior GRC Analysts and the CISO, contributing to the day-to-day execution of compliance programs, audit preparation, risk assessments and overall security governance efforts.
This is a hands-on role, ideal for someone who thrives in a collaborative, fast-paced environment and is passionate about security, compliance and risk management.
Key Responsibilities
Governance & Compliance
- Support the implementation and maintenance of compliance programs aligned with frameworks such as ISO 27001, SOC 2, HIPAA, PCI DSS, GDPR, TISAX, NIST and IRAP.
- Assist in maintaining and updating security policies, procedures and controls to ensure alignment with regulatory requirements.
- Conduct compliance reviews to identify gaps and assist in defining remediation actions.
- Monitor changes in regulatory requirements and provide input into compliance strategy and updates.
Audit Support
- Collaborate with internal stakeholders to coordinate audit-related activities, including evidence collection, documentation preparation and status reporting.
- Maintain audit calendars, track deliverables and ensure readiness for internal and external audits.
Risk Management
- Support periodic risk assessments, helping to identify, document and track technology and process risks.
- Maintain the risk and findings register, ensuring items are regularly updated and monitored for progress.
Cross-Functional Collaboration
- Work closely with teams across Engineering, Product, Legal, Procurement and Enterprise Technology to support compliance initiatives and ensure timely completion of action items.
- Provide ongoing support and clarity to teams on compliance tasks and expectations.
Reporting & Documentation
- Assist in preparing and delivering status reports, dashboards and metrics on GRC activities for leadership and stakeholders.
- Ensure that compliance documentation is consistently updated and centrally stored (e.g. SharePoint, Confluence).
Qualifications:
Preferred Skills and Experience:
- Bachelor's degree in Information Technology, Cybersecurity or a related field.
- Familiarity with industry standards and frameworks such as ISO 27001, SOC 2, HIPAA, GDPR, PCI DSS, NIST and others.
- 3-5 years of experience in a GRC, risk management, audit support or compliance role in a technology-driven environment.
- Strong attention to detail, organizational skills and the ability to manage multiple tasks.
- Experience working across global teams and time zones is a plus.
- Certifications such as CISA, CRISC or ISO 27001 Lead Implementer/Auditor are a plus.
- Comfortable using Microsoft 365 tools (e.g. Outlook, Teams, Excel, SharePoint) and collaboration platforms.
Work Conditions
Remote Work:
No
Employment Type:
Full-time