Serve as a primary point of contact for risk assessments related to DCX systems, tools, and processes
Conduct risk assessments, including third-party and vendor reviews
Maintain and update the risk register, mitigation plans, and risk status tracking
Monitor organizational and system changes to identify emerging risks
Support internal and external audits (e.g., NIST, SOC2) through evidence collection and reporting
Maintain compliance alignment with: NIST Cybersecurity Framework, SOC2, ISO/IEC 27001, Data Privacy Act and applicable privacy regulations.
Track audit findings and follow up on remediation activities.
Support employee risk and security awareness initiatives, including training compliance and campaigns.
Track and report GRC KPIs, metrics, and trends.
Prepare monthly GRC summary reports for leadership.
Collaborate with other departments to provide GRC advisory and consultation services.
Extend GRC support to other departments by assisting with process risk reviews and compliance guidance.
Perform other tasks analogous to the foregoing.

Bachelor’s degree in computer science, information technology, engineering, business, or any related field.
At least three (3) years of experience in Governance, Risk, and Compliance or a related role.
Hands-on experience with risk assessments, audits, or compliance programs.
Experience in supporting or auditing frameworks such as NIST Cybersecurity Framework, SOC2, and ISO/IEC 27001.
Experience in the IT Services or BPO industry is an advantage.
Excellent verbal, written, and English communication skills.
Proficient in both Microsoft and Google applications.
Preferably experienced in the BPO industry.

DCX Risk and Compliance Analyst

Key skills