Junior GRC Analyst

Let's start with the role

As a  Junior GRC Analyst, you will support the company’s information security initiatives, gaining hands-on experience with security frameworks, access management, and information security requirements set by laws, regulators, and licensing bodies. The role includes ensuring compliance with recognized standards such as PCI DSS and ISO 27001, while also meeting control objectives expected by customers and other stakeholders. Working alongside senior team members, you will help identify and address company-wide security risks, to shield the organization from potential security incidents and increase the resilience of operations

This is an excellent opportunity for someone early in their career to develop their skills in GRC, collaborate with cross-functional teams, and grow into a trusted security professional by exposure to a complex and mature Information Security Management System

As a Junior GRC Analyst, you will:

• Support the design, maintenance, and improvement of the overall ISMS (ISO 27001 compliant)
• Support the development, documentation, and implementation of access control policies and procedures.

• Assist with maintaining PCI DSS compliance, including evidence collection, control monitoring, and audit support.

• Help identify, assess, and monitor security risks, ensuring timely mitigation to minimize business disruption.
• Contribute to policy, standard, and procedure development and monitor compliance with internal and external requirements.
• Ensure security best practices are incorporated into disaster recovery and business continuity planning in order to appropriately meet RTO and RPO metrics
• Assist in analyzing security incidents and recommending countermeasures.

• Provide input to technology teams on secure development and system lifecycle practices.
• Work with Agile and standalone project teams to integrate security and privacy by design.

What you’ll bring

• B.Sc./MSc in Information Security or in a related field (Information Technology, Digital Systems, Applied Mathematics, etc.); A strong interest in information security, compliance, or risk management.
• Basic understanding of frameworks and regulations (ISO 27001, PCI DSS, NIST, COBIT, etc.).
• Familiarity with access management concepts and security best practices.
• Strong attention to detail, analytical mindset, and problem-solving skills.
• Ability to collaborate across teams and communicate effectively.
• Eagerness to learn and grow in a fast-paced environment.