Analyst - GRC (Governance, Risk & Compliance)

Purpose of the role

This role has been established to support the business in building sustainable governance andcompliance practices at Amagi. The basic factor required to be successful in this role warrants a good understanding of the company's vendor landscape and compliance requirements. The focus is on building repeatable internal compliance validation and vendor security risk review processes.

What are we looking for in potential candidates?

• Be a team player
• Be hands-on at work
• Believe in adopting an innovative approach towards cybersecurity risk management and
• governance
• Willingness to learn technical aspects of security
• Self starter

Who will the role report to?

This role will report to the Director - GRC

What is the scope of operation?

• Third-Party Risk Management (TPRM)
• Support for Audit Readiness and Evidence Collection
• Internal Governance and Risk Management

What is the desired outcome in the next two years?

• A sustainable vendor security risk management process
• A sustainable internal compliance team
• Continuous monitoring and reporting of the Product risk posture
• Processes to monitor the implementation effectiveness of security controls

Key Responsibilities

• Support products in sustaining SOC2 compliance by regular internal assessments
• Engage with vendors for regular security and risk review
• Continuous monitoring and scoring of vendor risk
• Monitor security control effectiveness and highlight deviations.
• To carry out Amagi’s Security Awareness Program
• Manage governance documentation

Required Competencies

• Basic understanding and working knowledge of AWS / GCP.
• Basic understanding of security standards, policies, and processes
• Basic understanding of SOC2, audit, and compliance validation
• Working knowledge of carrying out TPRM assessments
• Good documentation skills.
• Ability to work cross-functionally with Legal,IT and Engineering
• Strong analytical and problem-solving mindset
• Comfort with ambiguity and willingness to shape early-stage processes

Work Experience

• 1-3 Years of experience in Vendor risk management and Compliance review