Senior GRC Security Analyst (WFH) - #34700
Full-time Mid-Senior level
Job Overview
As a Senior GRC Security Analyst, you will be responsible for driving and maintaining security and compliance frameworks, managing audit processes, and ensuring data protection and security controls are enforced across the company’s systems, including cloud, on-prem, and user-facing platforms. Additionally, the GRC Security Analyst will be responsible for coordinating and facilitating maintenance window activities to support continuous IT infrastructure improvements.
Company Profile:
Established in 1998, our client is a Malta-based company providing bettors with a unique, no-gimmick alternative to traditional bookmakers by focusing on offering the best odds and highest betting limits across all markets. With over 25 years of experience serving customers worldwide, the company’s expertise ensures that every bettor enjoys a top-quality experience. A pioneer in the betting industry, it has been instrumental in shaping esports wagering by accepting the first esports bet in 2010 and later launching its own competitive tournament series in 2021. Committed to educating bettors, the company offers thousands of insightful articles, podcasts, and videos designed to help players of all levels improve their understanding of sports betting.
As part of their rapid growth, they are expanding their technical team in the Philippines and are on the lookout for a talented, proactive, and highly motivated Senior GRC Security Analyst to join their dynamic team.
This is a great opportunity for someone who enjoys working in a dynamic, collaborative environment and is passionate about driving projects to success. It's ideal for a detail-oriented, organized individual who thrives on clear communication, problem-solving, and working with diverse teams and senior leaders.
Duties and Responsibilities:
Governance, Risk & Compliance
- Perform ongoing risk assessments and maintain a risk register
- Conduct internal compliance audits and prepare for external assessments (ISO 27001, PCI DSS, GDPR)
- Implement and manage Microsoft Purview policies
- Develop and enforce security governance frameworks and policies
- Support user access reviews and IAM compliance enforcement
- Track remediation of audit findings and compliance gaps
Collaboration & Support
- Liaise with the Security Engineering and SOC teams to validate control implementation
- Support training and awareness programs on security governance and user responsibilities
- Assist in the preparation and delivery of reports for senior management and auditors
Requirements
- At least 5 years of experience in security governance, risk, and compliance roles
- Strong knowledge of ISO 27001, PCI DSS, GDPR, NIST, or similar frameworks
- Experience coordinating audits, managing compliance tools, and writing policies
- Familiarity with IAM, access control policies, and endpoint security compliance
- 3+ years of experience in tracking and managing technical change controls
- 3+ years of experience with forensic tools (e.g., Wireshark, Volatility, FTK)
- 1+ year of experience in implementing and managing Microsoft Purview
- Strong understanding of web security risks and mitigation strategies
Advantageous skills or nice-to-haves:
- Bachelor’s Degree in Information Technology, Science, Engineering or a related field
- Microsoft Certified: Information Security Administrator Associate (SC-401)
- ISO/IEC 27001 Lead Implementer
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified Risk and Information Systems Control (CRISC)
- AWS Certified Security – Specialty
- Microsoft Certified: Information Protection Administrator Associate (SC-400)
- Understanding of cloud security compliance in Azure and AWS
- Strong documentation, project coordination, and reporting skills