[Hiring] Cybersecurity GRC Analyst @Kora

Role Description

As a Cybersecurity GRC Analyst, you will be responsible for supporting the organization’s information security governance, risk management, and compliance programs. This role ensures that security policies, controls, and processes align with regulatory requirements, industry standards, and business objectives. The analyst will assess risks, support audits, and help drive a strong security and compliance culture across the organization.

• Develop, review, and maintain information security policies, standards, and procedures
• Ensure alignment with industry frameworks (e.g., ISO 27001, NIST CSF, CIS Controls)
• Support the implementation and monitoring of security governance programs
• Drive security awareness initiatives and promote a culture of compliance
• Conduct risk assessments (enterprise, vendor, application, infrastructure)
• Maintain and update the organization’s risk register
• Perform control gap assessments and recommend remediation actions
• Support third-party/vendor risk management processes
• Track and report on risk treatment plans and mitigation progress
• Support compliance with regulatory and industry requirements (e.g., PCI DSS, SOC 2, GDPR)
• Coordinate internal and external audits, including evidence collection and walkthroughs
• Monitor compliance posture and track remediation of audit findings
• Assist in the development of compliance reports and dashboards for management
• Collaborate with security and IT teams to ensure controls are effectively implemented
• Assist in incident response from a compliance and reporting perspective
• Support control testing and continuous monitoring activities
• Maintain accurate documentation of policies, risk assessments, and control activities
• Other duties as assigned by the CISO.

Qualifications

• 2–4 years of experience in cybersecurity, IT risk, compliance, or audit
• Minimum of a Bachelor’s degree certificate
• Strong understanding of information security frameworks and standards (ISO 27001, NIST, SOC 2, PCI DSS)
• Experience with risk assessment methodologies and control frameworks
• Familiarity with regulatory requirements relevant to the industry (e.g., financial services, data protection laws)
• Experience with GRC tools
• Good communication & interpersonal skills
• Positive attitude
• Ability to handle stress appropriately and interact well with others.

Key Skills

• Strong analytical and risk assessment skills
• Attention to detail and strong documentation capabilities
• Excellent communication and stakeholder management skills
• Ability to translate technical risks into business impact
• Strong organizational and project management abilities
• High level of integrity and professionalism

Benefits

• Health insurance
• Sponsored and tailored training
• Paid parental leave
• Paid time-off
• Flexible work style
• Low-interest loans
• Group Life Insurance
• Access to up to four therapy sessions monthly
• Day off on your birthday 🎂 🎁 🎉
• Employee interest groups that provide supportive communities within Kora
• Great company culture and the opportunity to work with a highly collaborative team building something great!

Equal Opportunity Employer

Kora is an equal-opportunity employer dedicated to building an inclusive and diverse workforce. All employment decisions are based on qualifications, experience, and business needs. We strongly encourage applications from underrepresented communities and diverse ethnic groups to apply.

Please feel free to inform us if you need any accommodations to facilitate your participation in the recruitment process. Any details you share will be used solely to ensure we can support and accommodate your needs appropriately.