Information Security Governance Analyst

About The Position

Requirements

• 2+ years of experience in supporting or auditing IT and Information Security compliance programs.
• Strong understanding of compliance regulations (e.g., Sarbanes Oxley 404, PCAOB, PCI, GDPR) and security standards (e.g., ISO 27001, NIST CSF).
• Familiar with IT governance and quality frameworks such as ISO, COBIT, and ITIL.
• Skilled in compliance metrics tracking.
• Proven ability to work effectively in global, matrixed environments.
• Excellent interpersonal, organizational, and communication skills.
• Comfortable collaborating across enterprise-scale organizations and building effective working relationships.
• Advanced oral and written communication skills in English.
• Strong analytical, problem-solving, and critical thinking capabilities.

Nice To Haves

• Bachelor’s degree in computer science or related discipline considered as a plus
• Information Security related certifications such as CISA, Security+, Network+, Azure AZ-900, AZ-500, AWS certification, CEH.

Responsibilities

• Coordinate internal and external audits and controls testing (e.g., SOX, SOC 2, ISO 27001/42001, NIST) by managing timelines, stakeholders, and deliverables to support on-time, high-quality audit outcomes.
• Triage, assign, and track requests for information (RFIs) to the correct SMEs, ensuring clear ownership and deadlines and improving response timeliness.
• Collect, validate, and submit audit evidence by performing completeness/quality checks to reduce evidence rework and audit follow-ups.
• Identify evidence gaps and drive closure by working with control owners/SMEs to remediate missing or insufficient evidence before submission deadlines.
• Maintain audit schedules and status trackers to provide accurate, current visibility of audit progress, evidence readiness, and risks to delivery.
• Maintain an Audit Findings List and Corrective Action Log to ensure findings are documented, assigned, tracked, and closed within agreed timescales.
• Monitor control testing progress and exceptions (including failed tests) and escalate issues with clear context and impact to support timely remediation decisions.
• Support third‑party, customer, and partner security assessments and questionnaires by coordinating inputs and validating responses to protect accuracy and consistency of submissions.
• Maintain and update governance document status trackers to ensure policies/standards/procedures are reviewed, current, and traceable.
• Support ongoing maintenance of governing documents by coordinating periodic reviews and updates with stakeholders to keep documentation aligned to requirements and practice.
• Identify compliance programme gaps and recommend improvements based on audit outcomes, metrics, and stakeholder feedback to strengthen control effectiveness and readiness.
• Maintain GRC metrics, KPIs, and the Risk and Controls Matrix (RCM) to support evidence-based reporting and prioritisation of compliance activities.
• Input data into the GRC tooling/module and publish GRC-related content to ensure records are complete, current, and available for reporting and audits.
• Prepare materials for management reviews, compliance committees, and governance forums to enable clear decision-making and documented oversight.