Governance, Risk and Compliance Analyst - 12 Months Contract

Company Description

Carousell Group is the leading multi-category platform for secondhand in Greater Southeast Asia on a mission to make secondhand the first choice. Founded in August 2012 in Singapore, the Group has a leading presence in seven markets under the brands Carousell, Carousell Media Group, Cho Tot, Laku6, LuxLexicon, Mudah.my, OneShift, REFASH and Revo Financial, serving tens of millions of monthly active users. Carousell is backed by leading investors including Telenor Group, Rakuten Ventures, Naver, STIC Investments, 500 Global and Peak XV Partners (formerly known as Sequoia Capital India).

As a team of passionate individuals working together to solve meaningful problems, there is so much more for you to discover in a career with Carousell. Our culture is made up of hiring, developing, and promoting people who embody our values of HEART, which is an acronym for Humility, Empathy, Accountability, Relentlessly resourceful and Teamwork. Together as an organisation, we make magic happen.

Job Description

The Junior IT Governance, Risk, and Compliance (GRC) updates and maintains control matrices and provides recommendations for management’s consideration. This position takes a lead role in ensuring  compliance with company internal controls, regulatory, ITGC and information security policies and procedures. The incumbent works with SaaS owners, legal and regulatory team, CorpIT team, Security Engineering team, external audit firms, and regulatory agencies to provide supportive documentation as applicable.

Responsibilities:

• Attend to audit compliance gaps, continuously monitor controls and co-own as necessary key SaaS

• Check alignment of ITGC policies with key SaaS and attend to any control deficiencies

• Collaborate with different SaaS owners and perform periodic compliance assessments of key SaaS

• Collaborate effectively with various departments across the organization, including business units, Corp IT, Security Engg, Legal, and Finance.

• Perform internal audits and assessments to evaluate the effectiveness of controls, identify opportunities for remediation and ensure internal audit results are re-usable for any external audits

• Proficiency in conducting third-party risk assessments, encompassing vendor collaboration, identification of issues, and formulation of actionable recommendations.

• Own and manage communication, updates, submissions and remediation for all external audits

• Propose, defend and implement GRC tools and systems to support risk management activities and facilitate automated compliance monitoring

• Development and implementation of GRC process, standards, reporting metrics, dashboards and evidence artifacts to ensure compliance with regulatory requirements and industry best practices.

• Development and delivery of training programs to raise awareness and promote a culture of governance, risk management and compliance within the organization

• Stay informed about emerging trends and developments in GRC practices, regulations, and technology solutions to contribute to continuous improvement initiatives

Qualifications

• Education: Diploma in Information Technology, Computer Science, IT Audit, or equivalent.

• Experience: At least 1 year of working experience in an IT Audit firm.

• Certifications: Technology or Risk Certifications such as CISA, CISSP, CISM, CRISC, CGEIT, etc., are advantageous.

• Technical Knowledge: Sound knowledge of information communications technology and cybersecurity fundamentals.

• Governance Frameworks and Standards: Strong understanding of various governance frameworks and standards, such as NIST, SOC1, ISO, PCI-DSS, and CIS. Experience with SOC1, NIST, ISO 27001, ISO 9001, and Cyber Trust Mark audits is advantageous.

• IT Service Management: Proficient with the ITIL framework and ITSM tools.

• GRC Awareness Training Programs: Skilled in developing and delivering IT GRC awareness training programs.

• Presentation Skills: Excellent presentation and public speaking skills to effectively represent the GRC program during audits.

• Independence: Ability to operate independently and effectively represent the GRC team.

• Communication Skills: Ability to translate technical or complex concepts into user-friendly language.

• Language Proficiency: Proficient in English.  

• Can work on a 12-month contract

Additional Information

Please note that Carousell will not ask for payment of any fees nor recruit on social media platforms. Legitimate information regarding career opportunities with Carousell can always be found on our official careers site at careers.carousell.com. If you have encountered any scams or are a victim of such scams, please promptly inform your local police.

By proceeding with your application, you are adhering to our PDPA policies. In case you are interested to know more, read about our Candidates Personal Data Privacy Statement. 

By proceeding with your application, you are adhering to our PDPA policies. In case you are interested to know more, read about our Candidates Personal Data Privacy Statement.