Information Security Governance Analyst
SSC HR SolutionsSSC HR Solutions

Information Security Governance Analyst

Job Purpose:

Support the implementation, monitoring, and continuous improvement of information security governance, risk management, and compliance program. This role contributes directly to maintaining ISO 27001:2022 certification, supporting surveillance and external audits, driving KPI/KRI reporting, and enabling the maturity and scalability of GRC processes.

Job Responsibilities:

▪ Support the development, implementation, and enhancement of the Information Security Management System (ISMS) in line with ISO 27001:2022 .

▪ Assist in maintaining GRC policies, procedures, and standards aligned with regulatory and business requirements

▪ Gather and report on security-related KPIs and KRIs to monitor control effectiveness and program health

▪ Participate in risk assessments, maintain the risk register, and support mitigation tracking

▪ Contribute to internal and external audit readiness, including ISO surveillance visits

▪ Collaborate with internal stakeholders to promote security awareness and compliance culture

▪ Support the implementation and use of GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust)

▪ Engage with ongoing projects to support secure development practices, compliance checks, and risk registers

▪ Prepare documentation and participate in quarterly ISMS and GRC reporting cycles

▪ Operates under the direction of the GRC Manager with a focus on execution and coordination, not strategic program ownership

Job Skills and Abilities:

-        Basic understanding of ISO 27001and risk frameworks

-        Awareness of data protection laws

-         Familiarity with risk management processes

-        Clear communication and cross-functional collaboration

-        Analytical and documentation skills

-        Process-focused, detail-oriented mindset

-        Ability to coordinate across departments on compliance topics

-        Ability to manage multiple assignments under supervision

-        Ability to collect and maintain reliable compliance data

Qualifications:

-        Bachelor’s degree in computer science engineering

-        2–6 years of experience in information security, risk management, or GRC roles

-        Exposure to ISO 27001.

-        Experience with GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust) is a plus

-        Certifications preferred: ISO/IEC 27001 Foundation or Implementer, CompTIA Security+, CISA, CRISC