Our Company
At DOXA, we are dedicated to connecting businesses with top-tier talent across various industries. Our mission is to deliver innovative solutions that drive exceptional outsourcing services, enabling companies to expand their teams and grow their operations seamlessly.
What sets DOXA apart is our commitment to fostering a vibrant and supportive team culture. Join us and be part of a culture that prioritizes your happiness and well-being, ensuring you thrive both personally and professionally.
The Role
We're seeking a GRC (Governance, Risk, and Compliance) Analyst to support our security and compliance programs as we continue to scale. This role is ideal for someone early in their GRC or cybersecurity career who wants hands-on experience supporting audits, managing security documentation, and working cross-functionally in a SaaS environment.
You will work closely with Security, Engineering, Legal, People Ops, and Client teams to help maintain certifications, respond to customer security questionnaires, and support ongoing risk management efforts.
Location: Must be in the Philippines (remote).
Timezone: Monday to Friday, 9AM-6PM EST / 10PM-7AM PH Time.
Employment: Full Time Position
Requirements
- Bachelor's degree in Information Security, Risk Management, Information Systems, Business, or a related field (or equivalent experience)
- 1-3 years of experience in GRC, compliance, audit, IT, or information security (internships or co-ops welcome)
- Basic understanding of information security and compliance concepts
- Strong attention to detail and comfort working with documentation and evidence
- Ability to communicate clearly with both technical and non-technical teams
- Organized, reliable, and able to manage multiple tasks and deadlines
- Familiarity with SOC 2, ISO 27001, NIST, or similar frameworks
- Exposure to privacy regulations such as GDPR or CCPA
- Experience with ticketing systems, GRC platforms, or audit tools
- Interest in pursuing certifications such as ISO 27001, Security+, or CISA
Responsibilities
- Respond to security questionnaires and requests for information from clients.
- Assist in developing and implementing security policies and procedures.
- Support GRC and Privacy goals to reduce organizational risk.
- Support compliance activities in relation to security and privacy legislation (e.g. GDPR, CCPA, EU-US Data Privacy Framework, etc.).
- Assist with internal and external audits (e.g. SOC 2, ISO 27001) by collecting evidence, tracking control performance, and managing follow-ups.
- Regularly maintain policies and support the writing of any new governance documentation.
- Support third party risk assessment activities.
- Monitor changes to relevant security and privacy regulations (e.g. GDPR, CCPA) to help assess business impact.
- Help improve GRC processes, documentation quality and audit readiness over time.