GOVERNANCE, RISK AND COMPLIANCE (GRC) SPECIALIST

BASIC FUNCTIONS

The GRC Specialist will be responsible for developing, implementing, and maintaining governance, risk management, and compliance frameworks and policies. This role requires a strong understanding of regulatory requirements, industry standards, and best practices in GRC.

Essential Duties and Responsibilities:

1. General Responsibilities:

• Assists in the development and implementation of GRC policies, standards, programs, and procedures in alignment with industry best practices and regulatory requirements.
• Assist in establishing and maintaining an effective and robust GRC governance framework to ensure effective oversight and decision-making.
• Stay abreast of relevant laws, regulations, and industry standards pertaining to Governance, Risk, and Corporate and Industry-specific regulations.
• Continuously evaluate and enhance GRC processes to adapt to changing threats, technologies, and business needs.
• Conduct benchmarking activities to compare the organization's GRC practices against industry standards and best practices.
• Work closely with cross-functional teams (e.g., IT, Legal, HR, Operations) to ensure alignment on risk management and compliance initiatives.
• Continuously evaluate and improve the organization's GRC processes and tools, leveraging industry best practices, automation, and innovative solutions.
• Assist in the design and implementation of risk and compliance management strategies, including business continuity and incident response plans.
• May be assigned other tasks from time to time.

1. Corporate Governance Oversight:

• Participate in the preparation of Corporate Governance documents including Governance Manual, Delegation of Authority Manual, Board and committees’ charters and Board Policies
• Follow up on new regulations & regulations changes, assess the impact, and ensure compliance to SEC, BSP and other mandatory regulatory requirements for the Board.
• Participate in the preparation and review of disclosure related forms such as Related Parties, Conflict of Interests, Competing Business, Independence, etc.
• Serve as the Secretariat support to the Board of Directors and its committees.
• Coordinate and prepare materials for Board meetings, including agendas, background documents, and action logs.
• Identify and documenting action items and responsible parties on Board and management level meetings.
• Following up on deliverables to ensure timely completion and reporting delays or risks.
• Ensuring minutes and board-related and management-related documentation are stored according to TPI’s standards.
• Supporting logistical coordination with departments for board meeting requirements.

1. Enterprise Risk Assessment Support:

• Assists in the development and implementation of the organization’s Enterprise Risk Management program.
• Conduct regular risk assessments to identify, evaluate, and prioritize risks across the organization, ensuring timely mitigation actions are implemented.
• Conducts risk reviews with business stakeholders and senior management to ensure risks are effectively managed and mitigated.

1. Internal & External Assessments and Audits:

• Support internal and external audit efforts, including coordination with auditors, preparing audit materials, and tracking findings and resolutions.
• Monitor remediation activities following audits to ensure any identified gaps are addressed in a timely manner.
• Assist and lead multiple customer security audits.
• Respond to customers' security questionnaires.
• Conducts assessments of third-party vendors and service providers to ensure they meet the organization's security and contractual requirements.

1. Training and Awareness:

• Conduct or support GRC awareness training for technical and non-technical staff.
• Promote a culture of compliance and proactive risk management within the organization.
• Responsible for maintaining, improving and testing TPI’s business continuity program
• Support TPI’s Business Continuity Management Team in implementing responses to emergencies and other disasters that could impact the business.
• Assist the Legal and Compliance Manager in coordinating with Third Parties for defined governance and provide status reports on Risk and Compliance.
• Assist in training and awareness across all levels of the organization to promote a culture of responsible compliance.

1. Monitoring and Reporting:

• Prepare regular compliance and risk reports for senior leadership, highlighting key risk areas, trends, and performance against key compliance metrics.
• Submit required compliance reportorial requirements to regulators
• Ensure documentation is maintained for all key GRC activities, including risk registers, audit logs, and compliance status reports.

1. Business Continuity and Incident Management Support

• Maintain and improve TPI’s Business Continuity Program.
• Support the Business Continuity Management Team during emergencies and disruptions.
• Participate in business continuity drills and risk scenarios to evaluate TPI’s readiness.

Job Requirements:

• Strong knowledge of governance, risk, and compliance (GRC) processes.
• Familiarity with security practices, infrastructure, cloud environments, and third-party risk.
• Excellent written and verbal communication skills, with the ability to clearly document controls and risks.
• High attention to detail and organizational skills. Responsible for maintaining, improving and testing TPI’s business continuity program
• Support TPI’s Business Continuity Management Team in implementing responses to emergencies and other disasters that could impact the business.
• Assist the Legal and Compliance Manager in coordinating with Third Parties for defined governance and provide status reports on Risk and Compliance.
• Assist in training and awareness across all levels of the organization to promote a culture of responsible compliance.
• Proficiency in Microsoft Office, GRC tools, risk registers, and reporting tools

Educational Requirements:

• Candidates must possess at least a Bachelor’s Degree in Information Technology, Computer Science, Information Security, or a related field.
• 3–5 years of experience in IT risk management, compliance, or IT audit—preferably in the fintech, banking, or regulated financial services sector.
• Hands-on experience working with regulatory frameworks such as BSP Circulars, ISO/IEC 27001, PCI-DSS, NIST, or COBIT.

Preferred Certifications (a plus):

• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• ISO 27001 Lead Implementer
• ITIL Foundation