Compliance Analyst

This is a remote position.

• Establish and review IT Security test control procedure checklists and conduct test plan activities/reviews.
  
• Conduct IT configuration reviews and user access review.
  
• Guarantee our compliance to such standards ISO 27001 SOC 2 and applicable regulations policies and guidelines.
  
• Control Monitoring and Testing: Develop and execute control testing methodologies to validate the effectiveness of implemented controls. Monitor control performance and identify deviations or noncompliance.
  
• Compliance Documentation: Maintain accurate and uptodate documentation of implemented controls including policies procedures guidelines and control testing results.
  
• Oversee changes in related regulation that affects the information technology and develop a compliance control checklist and test plan to address potential gaps identified.
  
• Work closely with technology audit legal human resource and other business units in conducting due diligence and risk assessments.
  
• Manage incoming/ongoing cybersecurity and privacy due diligence assessments/questionnaires from partners service bureaus and customers and ensure timely accurate responses.
  
• Assist in providing responses to internal and external audits requests and regulatory responses thirdparty supplier questionnaires and compliance selfattestations.
  
• Evaluate continuous compliance through automation and develop compliance metrics that are measurable and provide a good sense of security and compliance posture for MoneyHero Group.
  
• Other work or projects as assigned.
  

Requirements

• A minimum of 3 years of relevant working experience in information security compliance and privacy program management preferably in both startup and enterprise environments.
  
• Good understanding and experience in establishing and performing security and risk compliance assessment in a cloudbased environment technologies and services.
  
• Experience with various compliance frameworks and requirements including NIST framework ISO 27001 PCI DSS SOC 2 etc.
  
• Able to communicate compliance requirements with both technical and nontechnical audiences at various levels in the organization.
  
• Passionate about ensuring the effectiveness and compliance of information security controls and having the ability to drive control enhancements.
  
• Must have Fiber Optic internet with at least 25 Mbps bandwidth
  
• Must have a backup desktop or laptop with the latest OS
  
• Must be able to work from 9AM
  
• Must be amenable to reporting to our Makati office as required
  

• Good understanding of regulatory requirements in different markets the organization operates (e.g. MAS HKMA FSC BNM BSP BOT).
  
• Understanding of the regulatory and audit requirements with respect to compliance and experience working and interacting with regulators and auditors.
  
• Experience working on cloud technology and services.
  
• Familiarity with control monitoring and testing tools and technologies is a plus.
  
• Good to have Cybersecurity Fundamental certifications such as CompTIA Security ISC etc
  
• Remain composed when decisions have to be made quickly.
  
• Able to develop and implement new and improved ways of doing work; encourage staff and guide organization and foster a positive security behavior and posture.
  

Benefits