Collaboration Betters The World

PD| GRC Analyst

Location: Vietnam, Ho Chi Minh City
Category: Consultancy
Position Type: Regular Full-Time
Working Model: Hybrid

Overview

The GRC Analyst is responsible for supporting the governance, risk, and compliance (GRC) functions within the security team. This role involves assisting in the implementation and maintenance of security frameworks such as ISO 27001, PCI DSS, ISO 42001, and Cyber Essentials. The Security GRC Analyst will help identify and manage risks, ensure compliance with regulatory and industry standards, and support security governance initiatives to enhance Prezzee’s security posture.

Qualifications

  • Hands-on deployment and day-to-day management of security tools with necessary training and onboarding to operations staff where appropriate
  • Support the broader security and tech teams in their pursuit to achieve organisational objectives
  • Implement security processes/controls, and monitor and update them regularly to ensure their ongoing effectiveness
  • Research the latest security trends, and recommend security enhancements to the broader security and tech team members
  • Incident Management: Work with tech teams and vendors to investigate security-related alerts, including getting hands-on with forensic analysis using log files, transaction information and information available from security tools
  • Third-party risk management
  • Develop playbooks for the Ops and customer care teams. Develop comms templates for security events
  • Assess 3rd parties, and respond to 3rd party RFIs
  • Work with the IT service provider to ensure a secure end-user operating environment is maintained
  • Work with all the third-party service providers' IT teams to ensure their end-user operating environment meets security and privacy requirements

Responsibilities

Security Governance & Compliance

  • Assist in the implementation and maintenance of security frameworks (ISO 27001, PCI DSS, ISO 42001, Cyber Essentials).
  • Support compliance assessments, audits, user access reviews, and internal security reviews.
  • Maintain security policies, standards, and procedures, ensuring they align with industry best practices and regulatory requirements.
  • Collaborate with internal stakeholders to ensure security governance requirements are met.
  • Track and manage security compliance metrics and reporting.
  • Leverage AI-driven tools and automation to enhance security governance and compliance processes.

Risk Management

  • Support risk assessments to identify, assess, and mitigate security risks.
  • Maintain and update the risk register, ensuring risks are tracked and assigned appropriate treatment plans.
  • Assist in third-party risk assessments, evaluating vendors' security postures.
  • Work with security teams to implement risk mitigation strategies and track remediation efforts.
  • Utilize AI and automation to enhance risk assessment and monitoring capabilities.

Security Awareness & Training

  • Support the development and delivery of security awareness programs to promote a security-first culture.
  • Assist in security training initiatives for employees and key stakeholders.
  • Monitor and report on the effectiveness of security awareness programs.

Audit & Assurance

  • Completion of security questionnaires, RFPs and security responses to provide customers assurance in Prezzee products and services.
  • Assist in preparing for internal and external security audits, ensuring evidence collection and documentation is up to date.
  • Support remediation efforts following audit findings, tracking corrective actions.
  • Contribute to continuous improvement initiatives to enhance security controls and compliance measures.
  • Implement AI-driven analytics to streamline audit preparation and compliance monitoring.
