Job Description
Are you a detail-oriented cybersecurity professional looking to make a measurable impact on the security posture of growing businesses? Kobalt.io is looking for a dedicated GRC Compliance Analyst to join our team in Manila. In this role, you will play a critical part in helping SMBs navigate the complex world of cybersecurity compliance, risk management, and regulatory frameworks.
As a GRC Compliance Analyst, you will act as a right-hand professional to our vCISOs, translating technical security requirements into actionable, tailored policies for our diverse range of clients. You won't just be checking boxes; you will be actively driving security maturity by conducting phishing simulations, managing internal audits, and ensuring our clients remain resilient against evolving cyber threats.
If you are passionate about data privacy, security architecture, and helping organizations build trust through transparency, we want to hear from you.
Responsibilities
- Develop, maintain, and tailor comprehensive security policies and procedures aligned with industry standards such as SOC2, ISO 27001, and HIPAA.
- Support vCISOs by tracking compliance roadmaps and ensuring deliverables meet project timelines.
- Execute and manage automated phishing simulation campaigns and security awareness training programs.
- Conduct thorough risk assessments and identify vulnerabilities within client environments.
- Gather evidence for external audits and maintain internal compliance documentation.
- Provide expert guidance to clients on security best practices and technical controls.
- Monitor and report on client security health metrics, ensuring ongoing adherence to security requirements.
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 2+ years of experience in GRC, cybersecurity, or IT audit roles.
- Strong understanding of security frameworks (SOC2, ISO 27001, PCI-DSS, etc.).
- Proven ability to translate complex technical requirements into clear, understandable business language.
- Exceptional documentation and technical writing skills.
- Experience with security automation tools and phishing simulation platforms.
- Ability to work independently in a fast-paced environment and manage multiple client engagements simultaneously.
- Relevant certifications such as CRISC, CISM, CISA, or Security+ are highly desirable.