Governance Risk and Compliance I Analyst III at Vertiv
Mandaluyong, Metro Manila, Philippines
Full Time


Start Date

Immediate

Expiry Date

12 Apr, 26

Salary

0.0

Posted On

12 Jan, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Governance, Risk Management, Compliance, IT Security, Risk Assessments, Audit Readiness, Third-Party Risk Management, ISO 27001, NIST CSF, Documentation, Analytical Skills, Communication, Stakeholder Management, Organizational Skills, GRC Platforms, Security Policies

Industry

Electrical, Appliances, and Electronics Manufacturing

Description
Job Title: Senior GRC Analyst
Division: Governance, Risk & Compliance – IT Security

Position Summary
The Senior GRC Analyst will act as a key contributor to Vertiv’s Governance, Risk, and Compliance initiatives, driving risk assessments, security reviews, audit readiness, and third-party risk management efforts. This role supports continuous improvement of the risk register and policy exception processes, partners with cross-functional stakeholders, and helps develop a scalable security and compliance posture across the organization.

Key Responsibilities
- Lead IT risk assessments, mitigation planning, and control monitoring activities.
- Oversee risk register updates and coordinate with risk owners and SMEs to track mitigation actions.
- Drive third-party risk reviews and assessments using OneTrust and SecurityScorecard, escalating high-risk vendors for action.
- Conduct contract reviews focused on information security terms and recommend necessary revisions.
- Respond to customer security questionnaires with input from SMEs using Loopio.
- Supervise compliance training rollouts (e.g., phishing campaigns, annual security awareness training).
- Review and recommend changes to IT security policies and standards aligned with ISO 27001, NIST CSF, and other frameworks.
- Support internal and external audits by gathering evidence and assisting with SOX and ISO audit readiness.
- Generate and present GRC dashboards and KPIs to leadership to inform risk posture and team performance.
- Act as an escalation point for GRC process inquiries and ticket-related exceptions.
- Mentor junior analysts and support GRC program maturity through playbooks, SOPs, and process documentation.

Qualifications
- Bachelor’s degree in Information Systems, Cybersecurity, or a related field.
- 5+ years of experience in GRC, IT Risk Management, or Information Security.
- Strong understanding of ITGC, SOX, ISO 27001, NIST CSF, and data privacy regulations (e.g., HIPAA, GDPR).
- Experience with GRC platforms such as ServiceNow GRC, OneTrust, and SecurityScorecard.
- Strong documentation and analytical skills with experience preparing audit-ready evidence.
- Certifications such as CISA, CISSP, ISO 27001 Lead Implementer or Auditor (preferred).
- Excellent communication and stakeholder management skills across global teams.
- Strong organizational skills and ability to manage multiple deliverables independently.

Responsibilities
The Senior GRC Analyst will lead IT risk assessments and oversee risk register updates while driving third-party risk reviews. They will also support internal and external audits and mentor junior analysts.