Compliance Analyst

The ideal candidate will play a vital role in tracking the organization compliance with key industry regulations, such as NIST CSF 2.0, SOC2, and GDPR. The technician will focus on third-party vendor audits, internal audit support, and analysis to validate alignment between administrative and technical controls.

Job Responsibilities:

• Third-Party Vendor Audits: Assist in the evaluation of third-party vendors' security practices, ensuring their compliance with relevant security frameworks, including NIST CSF 2.0, SOC2.
• Internal Audit Support: Collaborate with the internal audit team to analyze administrative controls, ensuring they are effectively aligned with technical controls. Assist in identifying gaps and providing recommendations for remediation.
• Regulatory Compliance Support: Ensure the company is compliant with industry standards, regulations, and security frameworks (such as NIST CSF 2.0, SOC2), by supporting audit processes, reviewing controls, and supporting the reporting process.
• Documentation and Reporting: Support the completion of audit reports and documentation required for compliance, internal reviews, and internal stakeholders.
• Risk Management: Assist with mitigating risks related to audit and compliance requirements. Provide recommendations to improve controls and reduce risk.
• Continuous Improvement: Stay updated on the latest cybersecurity trends, regulatory requirements, and best practices to help improve the company's cybersecurity posture, governance processes, and compliance efforts.

Job Qualifications:

• Bachelor’s degree in Computer Science, Digital Science, Cybersecurity, or related field
• 2-3 years of experience working in a cybersecurity or compliance role, with a focus on audit, and compliance.
• Demonstrates strong understanding of the NIST Cybersecurity Framework (CSF 2.0), SOC2, and other relevant regulatory frameworks.
• Exhibits experience with cybersecurity audit processes, risk management, and control assessment processes.
• Experience in evaluating third-party vendors for security compliance.
• Strong written and verbal communication skills to effectively communicate with technical and non-technical vendors, peers, and stakeholders.
• Ability to collaborate effectively with cross-functional teams, remote staff and globally divers locations.
• Must be willing to work in the office at Bridgetowne, Quezon City
• Must be willing to work during US time zone

Preferences:

• Experience working in healthcare or healthcare staffing industries is a plus
• CISA (Certified Information Systems Auditor), CGRC – Governance, Risk, and Compliance Certification, or other relevant cybersecurity certifications.

Benefits:

• Be part of a pioneer start-up team
• Health insurance + 2 Free Dependents
• 20% Night Differential
• Life insurance
• Staff meals provided daily