GRC (Governance, Risk and Compliance) Analyst

Boost, the digital services arm of Axiata Group Berhad, is at the forefront of digital transformation, operating brands that specialize in digital payments, digital financing, and platforms. With a focus on driving innovation and fostering synergies within the digital ecosystem, Boost plays a pivotal role in empowering businesses and consumers to embrace the boundless opportunities of the digital era. Through strategic collaborations with industry partners, including technology providers, Boost continuously strives to deliver cutting-edge solutions and revolutionize the way businesses operate in the digital landscape.

Role Overview:

We are seeking a highly motivated and detail-oriented GRC Analyst to join our team. The GRC Analyst will assist in the development, implementation, and management of governance, risk, and compliance programs. The GRC Analyst is responsible for supporting the organization's information security governance framework, risk management processes, and regulatory compliance efforts. As part of the Second Line of Defense, the GRC Analyst helps ensure security risks are identified, assessed, and mitigated, and that policies, standards, and procedures are implemented to maintain compliance with internal and external requirements.

SCOPE & AUTHORITY

Key Responsibilities:

Risk Management:

• Contribute to identifying, assessing, and documenting risksand controls.
• Facilitatein conducting risk assessments and internal auditsto evaluate theeffectiveness of existing controls.

Compliance:

• Support the implementation and maintenance of compliance programsto ensure adherence to regulatory requirements.
• Assist in the preparation and submission of compliance reports.

Governance:

• Contributeto the development and maintenance of governance frameworks, standards, guidelines, policies and procedures.
• Support the monitoring and enforcement of governance standards across the organization.

Data Analysis and Reporting:

• Collect and analyzedata to identify trends, issues, and areas for improvement.
• Assist in preparing reports and presentations for senior management and other stakeholders.

Training and Awareness:

• Assist in the development and delivery of training programsto educate employees on GRC policies and procedures.
• Contribute to promoting cultureof compliance and risk awareness throughout the organization.

Documentation:

• Maintain accurate and up-to-date documentation of all GRCactivities.
• Assist in the development and maintenance of risk registers, compliance matrices, and other GRC-related documentation.

New/Future:

• Support governance reviews to ensure compliance with cybersecurity frameworks and best practices
  (e.g., ISO 27001, NIST, CIS).
• Assist in tracking regulatory requirements and controls across applicable standards (
  e.g., PCI DSS, GDPR, BNM-RMIT, MAS TRM).
• Work closely with Information Security, Internal Audit, Legal, and Business Units.
• Serve as a liaison for third-party risk and due diligence assessments

Qualifications:

• Minimum 5 years of experience in GRC, riskmanagement, compliance, or a related field (internship experience acceptable).
• Basic understanding of GRC conceptsand frameworks (e.g.,ISO 27001, NIST,GDPR).
• Familiar with financial services sector, financial transactional processes, technology system, regulatory requirements and internal controls (e.g. BNMRMIT, e-money guidelines, outsourcing guidelines, risk governance and business continuity management)
• Strong analytical and problem-solving skills.
• Excellent writtenand verbal communication skills.
• Proficiency in Microsoft OfficeSuite (Word, Excel,PowerPoint).
• Detail-oriented with strong organizational skills.
• Ability to work independently and as partof a team.

Preferred Qualifications:

• Relevant certifications (e.g.,CISA, CRISC, CGEIT)are a plus.
• Experience with GRC tools and software is advantageous.

EDUCATION BACKGROUND

• Bachelor's degree in information security, Security Assurance, Business Administration, Finance, or a related field.