Security GRC Analyst - Employment Hero

Key Responsibilities

• Lead risk assessments and gap analyses for ISO, SOC, GDPR, and other regulatory frameworks across APAC regions.
• Develop, maintain, and enforce security policies, procedures, and controls to align with business objectives and compliance requirements.
• Coordinate internal and external audits, prepare audit evidence, and track remediation activities to achieve audit readiness.
• Collaborate with cross‑functional teams to embed security controls into product development, onboarding, and vendor management processes.
• Monitor security incidents, conduct root‑cause analysis, and recommend improvements to incident response and mitigation strategies.

Requirements

• 3+ years of experience in GRC, risk management, or security compliance roles.
• Strong knowledge of ISO 27001, SOC 2, GDPR, and other relevant compliance standards.
• Proven ability to conduct risk assessments, develop controls, and manage audit remediation.
• Excellent communication skills with the ability to translate technical findings into actionable business insights.
• Experience with GRC tools (e.g., RSA Archer, MetricStream) and security frameworks is a plus.