Analyst - GRC (Governance, Risk & Compliance)

Purpose of the role

This role has been established to support the business in building sustainable governance andcompliance practices at Amagi. The basic factor required to be successful in this role warrants a good understanding of the company's vendor landscape and compliance requirements. The focus is on building repeatable internal compliance validation and vendor security risk review processes.

What are we looking for in potential candidates?

Be a team player

Be hands-on at work

Believe in adopting an innovative approach towards cybersecurity risk management and

governance

Willingness to learn technical aspects of security

Self starter

Who will the role report to?

This role will report to the Director - GRC

What is the scope of operation?

Third-Party Risk Management (TPRM)

Support for Audit Readiness and Evidence Collection

Internal Governance and Risk Management

What is the desired outcome in the next two years?

A sustainable vendor security risk management process

A sustainable internal compliance team

Continuous monitoring and reporting of the Product risk posture

Processes to monitor the implementation effectiveness of security controls

Key Responsibilities

Support products in sustaining SOC2 compliance by regular internal assessments

Engage with vendors for regular security and risk review

Continuous monitoring and scoring of vendor risk

Monitor security control effectiveness and highlight deviations.

To carry out Amagi’s Security Awareness Program

Manage governance documentation

Required Competencies

Basic understanding and working knowledge of AWS / GCP.

Basic understanding of security standards, policies, and processes

Basic understanding of SOC2, audit, and compliance validation

Working knowledge of carrying out TPRM assessments

Good documentation skills.

Ability to work cross-functionally with Legal,IT and Engineering

Strong analytical and problem-solving mindset

Comfort with ambiguity and willingness to shape early-stage processes

Work Experience

1-3 Years of experience in Vendor risk management and Compliance review