GRC Consultant

Summary

Join ConnectOS, a top-rated Philippines employer, and work with our Australian client who helps organizations make data-driven technology portfolio decisions. This GRC Manager role offers a competitive salary (P180,000 - P220,000 monthly) and a Monday-Friday schedule (7 AM to 4 PM Manila Time). You will develop and implement GRC strategies, conduct risk assessments, ensure regulatory compliance, and develop training programs. The position requires expertise in cybersecurity, risk management, IT compliance, and HIPAA. Enjoy work-from-home flexibility, paid vacation and sick leave, a competitive salary package, financial assistance, government benefits, and more.

Requirements

• Cyber Security
• Risk Management
• IT Compliance
• HIPAA

Responsibilities

• Develop and implement tailored GRC strategies, frameworks, and roadmaps based on industry best practices, including NIST CSF 2.0, and organizational needs
• Align governance, risk management, and compliance efforts with strategic business goals and evolving regulatory requirements
• Provide expert guidance on integrating NIST CSF 2.0 into governance, risk, and compliance initiatives to enhance cybersecurity resilience
• Act as a strategic advisor to leadership on embedding GRC practices into core business functions
• Conduct detailed risk assessments aligned with NIST CSF 2.0 to identify cybersecurity threats, vulnerabilities, and compliance gaps
• Develop, implement, and monitor risk mitigation strategies based on the Identify, Protect, Detect, Respond, and Recover pillars of NIST CSF 2.0
• Maintain and regularly update the risk register, ensuring all identified risks are documented and effectively managed
• Interpret and implement relevant regulations, standards, and frameworks, such as ISO 27001, GDPR, NIST CSF 2.0, HIPAA, and PCI DSS
• Support organizations in preparing for compliance audits and certification processes
• Continuously monitor regulatory changes and their impact on organizational policies and practices, providing actionable recommendations
• Develop, review, and implement security and compliance policies aligned with NIST CSF 2.0 and other applicable standards
• Promote adherence to established policies through regular audits, training, and monitoring programs
• Enhance cybersecurity governance by enforcing consistent compliance with NIST CSF 2.0 controls
• Conduct regular audits to ensure compliance with internal policies, external regulations, and NIST CSF 2.0 guidelines
• Generate detailed reports for stakeholders, including actionable insights to improve governance, risk management, and compliance posture
• Design and track key performance indicators (KPIs) to measure the effectiveness of GRC initiatives and alignment with NIST CSF 2.0
• Develop and deliver training programs to enhance awareness of NIST CSF 2.0, GRC practices, and cybersecurity resilience
• Facilitate workshops on emerging risks, compliance updates, and industry best practices
• Collaborate with teams to ensure organization-wide understanding and application of NIST CSF 2.0 principles
• Evaluate and implement GRC tools and technologies that support NIST CSF 2.0 adoption, compliance automation, and risk management
• Provide guidance on integrating GRC software, such as SAP GRC, RSA Archer, or ServiceNow, into existing systems

Preferred Qualifications

Cyber Security Certification

Benefits

• WFH
• Paid Vacation and Sick Leave (with Quarterly Sick Leave Conversion)
• Competitive salary package and annual appraisal
• Financial Assistance Program
• Mandatory Government Benefits and 13th Month Pay
• Regular Company Events, Work Life Balance, and Career growth opportunities