Job Description
Join Scalable OS as a Mid-level GRC Analyst and play a pivotal role in ensuring our organization's governance, risk management, and compliance frameworks are robust and aligned with global standards. This is a unique opportunity to work remotely from Bali while contributing to a dynamic, fast-growing tech company.
As a GRC Analyst, you will collaborate with cross-functional teams to identify risks, implement controls, and ensure compliance with industry regulations. The role requires a proactive mindset, strong analytical skills, and the ability to thrive in a remote work environment with a permanent night shift schedule to align with global operations.
If you are passionate about cybersecurity, risk management, and compliance, and are looking for a long-term remote opportunity with a forward-thinking company, we want to hear from you!
Responsibilities
- Conduct risk assessments and gap analyses to identify vulnerabilities in governance, risk, and compliance frameworks.
- Develop and implement policies, procedures, and controls to mitigate risks and ensure compliance with industry standards (e.g., ISO 27001, NIST, GDPR).
- Monitor and report on compliance activities, including audits, assessments, and regulatory changes.
- Collaborate with IT, legal, and business teams to ensure alignment with security and compliance requirements.
- Maintain and update GRC documentation, including risk registers, compliance matrices, and incident reports.
- Provide training and awareness programs to educate employees on GRC best practices.
- Support internal and external audits by preparing documentation and facilitating discussions.
- Stay updated on emerging threats, regulatory changes, and industry trends to proactively address risks.
Qualifications
- Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field.
- 3+ years of experience in governance, risk management, or compliance roles, preferably in the IT or tech industry.
- Familiarity with compliance frameworks such as ISO 27001, NIST, GDPR, or SOC 2.
- Strong analytical and problem-solving skills with attention to detail.
- Excellent communication and stakeholder management skills.
- Ability to work independently in a remote setting and manage a permanent night shift schedule.
- Certifications such as CISA, CISM, CRISC, or CISSP are a plus.
- Experience with GRC tools (e.g., RSA Archer, ServiceNow, MetricStream) is advantageous.