Cybersecurity GRC (Governance, Risk & Compliance) Analyst at Korapay

About The Role

• As a Cybersecurity GRC Analyst, you will be responsible for supporting the organization’s information security governance, risk management, and compliance programs. This role ensures that security policies, controls, and processes align with regulatory requirements, industry standards, and business objectives. The analyst will assess risks, support audits, and help drive a strong security and compliance culture across the organization.

Here are a couple of things you'll be doing:

• Develop, review, and maintain information security policies, standards, and procedures
• Ensure alignment with industry frameworks (e.g., ISO 27001, NIST CSF, CIS Controls)
• Support the implementation and monitoring of security governance programs
• Drive security awareness initiatives and promote a culture of compliance
• Conduct risk assessments (enterprise, vendor, application, infrastructure)
• Maintain and update the organization’s risk register
• Perform control gap assessments and recommend remediation actions
• Support third-party/vendor risk management processes
• Track and report on risk treatment plans and mitigation progress
• Support compliance with regulatory and industry requirements (e.g., PCI DSS, SOC 2, GDPR)
• Coordinate internal and external audits, including evidence collection and walkthroughs
• Monitor compliance posture and track remediation of audit findings
• Assist in the development of compliance reports and dashboards for management
• Collaborate with security and IT teams to ensure controls are effectively implemented
• Assist in incident response from a compliance and reporting perspective
• Support control testing and continuous monitoring activities
• Maintain accurate documentation of policies, risk assessments, and control activities

• Other duties as assigned by the CISO.

Requirements

Here's what we're looking for:

• 2–4 years of experience in cybersecurity, IT risk, compliance, or audit
• Minimum of a Bachelor’s degree certificate
• Strong understanding of information security frameworks and standards (ISO 27001, NIST, SOC 2, PCI DSS)
• Experience with risk assessment methodologies and control frameworks
• Familiarity with regulatory requirements relevant to the industry (e.g., financial services, data protection laws)
• Experience with GRC tools
• Good communication & interpersonal skills
• Positive attitude
• Ability to handle stress appropriately and interact well with others.

Key Skills:

• Strong analytical and risk assessment skills
• Attention to detail and strong documentation capabilities
• Excellent communication and stakeholder management skills
• Ability to translate technical risks into business impact
• Strong organizational and project management abilities
• High level of integrity and professionalism