GRC Analyst

Job Overview

Job Description: Full-time employee assessing risks to AsiaPay’s information resources and working on developing, implementing, and maintaining information security policies, standards, procedures, and awareness initiatives to protect those information resources and prevent legal and regulatory violations.

Location: AsiaPay HQ, located in Sulaymaniyah City

• Assess risks to AsiaPay’s information resources, and assist in the development, implementation, and maintenance of written Information Security policies, standards, and procedures that address people, processes, and technology and contain administrative, operational, and technical safeguards.
• Support and assist in ensuring compliance with Information Security policies, standards, and procedures; the PCI DSS standard; and any other legal and regulatory requirements.
• Stay up to date on industry trends and best practices, including monitoring for changes in PCI DSS and recommending necessary adjustments to our compliance program.
• Provide guidance and support to internal project teams to ensure new systems, applications, or processes are designed and implemented in accordance with Information Security policies and standards.
• Assist with the vendor management program, including gathering necessary documentation, conducting vendor risk assessments, ensuring regular review, and maintaining inventories of third-party service providers.
• Monitor and track remediation efforts for identified non-compliance issues to ensure timely resolution, including managing policy exceptions and violations.
• Conduct internal training and awareness programs to educate employees on information security best practices.
• Assist in coordinating annual audits and in preparing annual compliance reports for submission to external stakeholders.
• Create written reports and dashboards for monitoring compliance and communicating status to the Information Security Manager.
• Provide after-hours and weekend support whenever required.
• Stay up to date with the latest cybersecurity threats and vulnerabilities.
• Obtain the security certifications required as part of job duties and business requirements.
• Read, understand, enforce, and adhere to the information security policies, standards, and procedures, and do not hinder in any way the proper execution of procedures defined within.
• Understand and abide by our non-disclosure and confidentiality agreements, and rules of behavior policy.

• Bachelor’s degree in computer science, cyber security, or related field.
• 3 years of experience working as a Compliance Analyst or in a similar role, with a strong understanding of PCI DSS and other related PCI standards and requirements.
• Knowledge of information security policy and program development and management, risk assessment, and regulatory compliance practices.
• Ability to communicate and collaborate with interdisciplinary teams across multiple areas of the business in all required compliance matters.
• Knowledge of IT security industry trends including common information security management frameworks and controls, such as ISO 27000 series, COBIT, and NIST CSF.
• Self-motivated and quick learner.
• Excellent communication skills, both verbal and written.
• Ability to multitask and learn new technologies in a fast-paced, energized environment.
• CISA, CRISC, CISSP, or equivalent-level certifications highly desired.
