IT Risk and Compliance Analyst

Description: 

The position reports to the Head, GRC.

Job Overview:

The IT Risk & Compliance Analyst is responsible for ensuring the design, implementation, and ongoing effectiveness of IT and security controls across TIME’s technology landscape. The role drives risk visibility, regulatory alignment, audit readiness, and measurable remediation of control gaps. This position partners closely with Engineering, Infrastructure, and Security Operations to ensure controls are not only documented, but operationally effective.

Your work life:

  • Lead compliance assessment across frameworks such as ISO 27001, PCI-DSS, CSA STAR, SOC 2, NIST CSF, and NRA.
  • Coordinate and support audit and compliance activities, including evidence collection, walkthrough sessions, and follow-up on remediation actions.
  • Examine and evaluate internal controls against applicable security and privacy frameworks.
  • Monitor compliance with information security policies and practices and any applicable laws.
  • Own and maintain the IT risk register, including risk scoring, residual risk documentation, and formal risk acceptance processes.
  • Define and monitor security Key Risk Indicators (KRIs) and report trends to senior leadership.
  • Support risk assessment activities by providing control insights and identifying potential control gaps.
  • Provide guidance and respond to internal inquiries to business and IT teams on security compliance requirements, controls, and best practices.
  • Serve as a point of contact for information security–related audit and assessment requests, ensuring timely and accurate responses.
  • Track remediation of audit findings and security control gaps with clear SLAs and executive reporting.
  • Conduct security awareness and training activities and help improve the program.
  • Validate the operational effectiveness of technical controls in partnership with Engineering and Infrastructure teams.
  • Stay current with emerging regulatory, compliance, and security requirements and assess their potential impact on the organization.
  • Support board and regulatory reporting with structured, data-driven risk summaries.
  • Maintain, update, and develop IT compliance policies, standards, and documentation.
  • Maintain structured, audit‑ready evidence repositories and ensure documentation is complete, accurate, and up to date.
  • Perform periodic control testing to assess control design and operating effectiveness, and report identified gaps to relevant stakeholders.
  • Prepare compliance reports, dashboards, and status updates for management review.
  • Prepare responses and supporting documentation for regulatory or external security compliance inquiries.

To be considered, you’ll need:

  • A bachelor’s degree in computer science or an educational equivalent.
  • Minimum 3-5 years’ experience in information security, risk management, audit, and IT compliance.
  • Deep understanding of security compliance frameworks (ISO 27001, PCI-DSS, NIST CSF) and risk-based security controls.
  • Ability to map and rationalize overlapping control requirements across ISO 27001, NIST CSF, PCI-DSS, and SOC 2 to reduce duplication and increase operational efficiency.
  • Working knowledge and understanding of information security risk concepts and principles, as a means of relating business needs to security controls.
  • Practical understanding of IT security compliance, risk management, and information security principles, including access control, network security, information security architecture, information security operations, and leading practices.
  • Ability to validate vulnerability management processes and remediation timelines, and to ensure scanning coverage and reporting align with defined control requirements.
  • Ability to conduct periodic control maturity assessments and propose prioritized improvement roadmaps.
  • Ability to interpret vulnerability reports and evaluate their compliance impact.
  • Responsibility and conscientiousness, including proper management of patches to minimise business impact while keeping security protocols up to date.
  • Ability to ensure alignment with telecommunications regulatory requirements, including MCMC guidelines, PDPA obligations, and critical infrastructure expectations where applicable.
  • An understanding of the cyber security risks associated with various technologies and ways to manage them.
  • Familiarity with common IT environments, including network, cloud, and application systems.
  • Proven analytical and critical-thinking skills to balance security and business needs.
  • Teamwork skills to collaborate with team members and clients.
  • Strong verbal and written communication skills to engage with both technical and business stakeholders.
  • Experience with compliance management software and tools (e.g., Qualys, Tenable) for monitoring and reporting compliance status.
  • Professional certifications such as CISA, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent are strongly preferred.

Our Commitment to You
At Time, we believe great work deserves great support. Here’s what you can look forward to when you join us:

  • Comprehensive medical coverage for you and your immediate family, including outpatient care, hospitalisation, dental and optical benefits.
  • Wellness support with an annual spending account for health-related needs, alternative treatments, or even paid-up premiums for personal insurance.
  • Employee assistance during life’s big moments, from celebrations to times of bereavement.
  • Learning & growth opportunities through dedicated time for learning, access to LinkedIn Learning and rewards for upskilling.
  • Cash rewards for recognised certifications and full reimbursement for up to two approved professional memberships each year.

*Only shortlisted candidates will be notified.