Talent.com
Governance Risk and Compliance (GRC) Analyst

Hytech Kuala Lumpur, Kuala Lumpur, Malaysia
30+ days ago
Job description

Hytech Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

Overview

We are seeking a Cyber Security Governance Specialist to strengthen our group company’s cyber-security frameworks and risk posture. In this role, you will collaborate with internal teams and guide stakeholders on key security standards and frameworks, including:

  • ISO / IEC 27001
  • NIST Cybersecurity Framework (CSF) & NIST SP 800 series
  • PCI-DSS

Your work will ensure that governance, risk, and compliance (GRC) principles are embedded into business operations, enabling the company to maintain resilience, compliance, and trust.

Responsibilities

  • Assess & Benchmark
      • Conduct cyber-risk and control-maturity assessments (NIST CSF, ISO 27001, Essential Eight, proprietary models).
      • Translate technical findings into executive-level insights and actionable roadmaps.
      • Build and embed cyber-risk programmes: risk registers, treatment plans, dashboards.
      • Develop policies, standards, and procedures that are both compliant and practical for engineers.
  • Governance & Compliance
      • Own and maintain the GRC framework and policy stack; embed the three lines of defence.
      • Guide stakeholders through audits and regulatory reviews (e.g., APRA CPS 234, SOC 2).
      • Monitor regulatory changes and advise business stakeholders on impact within 30 days.
  • Strategic Advisory
      • Develop multi-year cyber-security and risk strategies aligned to corporate OKRs.
      • Present risk posture, KPI / KRI trends, and investment options to boards and regulators.
  • Leadership & Coaching
      • Mentor junior GRC analysts and upskill cross-functional teams on secure-by-design and offensive-security principles.
      • Foster a culture of continuous improvement and measurable risk reduction.

Qualifications & Experience

  • 3+ years in cyber-security, technology risk, or security consulting.
  • Hands-on delivery of ISO 27001 and PCI-DSS certification projects.
  • Experience guiding senior stakeholders through NIST CSF or equivalent reviews.
  • Working knowledge of offensive-security methodologies to inform strategic risk decisions.
  • Strong experience building risk registers, executive dashboards, and board reports.

Preferred / Nice-to-Have

  • Master’s degree in Cybersecurity, Risk, Business, or MBA.
  • Professional certifications: CISSP, CISM, CRISC, ISO 27001 Lead Implementer / Auditor.
  • Exposure to AI governance and data ethics (e.g., NIST AI RMF).
  • Prior line-management of GRC, security architecture, or penetration testing teams.

Seniority level

  • Mid-Senior level

Employment type

  • Full-time

Job function

  • Information Technology

Industries

  • Desktop Computing Software Products and IT System Custom Software Development