GRC Analyst at Kobalt.io | Torre

GRC Analyst

You'll secure SMB growth by building world-class cybersecurity compliance.
Full-time
Base compensation
PHP750K - 1M/year
~USD12.4K - 16.5K/year

+ Health insurance

Non-negotiable
Remote (for Philippines residents)
Posted 5 months ago

Requirements and responsibilities


About Us:

At Kobalt.io, our mission is to solve cybersecurity for SMBs at scale. We believe small businesses are the engine behind innovation and growth. Understanding the challenges that our customers face enables us to design and refine scalable cybersecurity services that support a secure path to growth. This is reflected in everything we do, from the programs we build to the partnerships we have developed with companies such as Vanta, Prescient, and Sumo Logic.

Role Overview:

We are seeking a results-driven GRC Analyst to contribute to the rapidly growing professional services team and help build a best-in-class global operation. The GRC Analyst is primarily responsible for conducting and delivering ISO internal audits for our growing client base. This role will also work closely with and provide support to our vCISO and Security Analyst teams, acting as a crucial link in our compliance and security assurance efforts. This is a remote role and can be located anywhere in the Philippines.

Responsibilities:

* Lead and conduct internal audits against the ISO 27001 framework to ensure compliance, identify non-conformities, document internal audit findings, and complete executive reviews.
* Assist vCISOs and Security Analysts in supporting clients with their compliance journey, performing comprehensive security reviews of third-party vendors to assess their security posture and manage supply chain risk, and responding to client and prospect security questionnaires in a timely manner.
* Help drive improvements in our security services through the creation of internal knowledge-base articles and GRC documentation.
* Support the design and development of Kobalt’s service offerings through insightful feedback and a positive attitude.
* Build new tools and techniques to compress human-intensive tasks into work that can be achieved more efficiently.
* Respond to and engage with customers through our ticket system, chat, email, phone, or other required communication channels.
* Complete technical certifications to gain the necessary technical knowledge and support Kobalt vendor partnerships.

Qualifications:

* 2 years of experience in GRC, Internal Audit, Information Security, Technology Risk, or related fields.
* Direct experience with governance frameworks, particularly ISO 27001, and experience conducting internal audits.
* Strong understanding of cybersecurity domains, including Security Operations, Security Engineering, and Information Risk Management.
* Ability to communicate effectively, both verbally and in writing, with clients and internal audiences.
* Ability to quickly learn and adapt security best practices to a wide variety of technologies.

Nice to have:

* Professional certification such as CISA, ISO 27001 Lead Auditor/Implementer, or GRCP™.
* Familiarity with technical system access controls.
* Familiarity with GRC platforms such as Vanta.