Senior Security GRC Analyst

Loma Technology

  • Location:

    Phnom Penh, Cambodia

  • Category:

    Information Technology

  • Job Type:

    Full Time

  • Salary:

    Negotiable

Skills Required: DevOps


Educational Requirements:
  • Bachelor Degree
Experience:
  • 5 Years

Extra Benefits:

  • Sick Leave
  • Annual Leave
  • Special Leave

Job Description:



JOB SUMMARY

We are looking for a Senior Security GRC Analyst for our organization. The candidate should have at least 4 years of work experience as a Senior Security GRC Analyst. The candidate is expected to contribute efficiently to the complete Security Governance & Policy Development. The candidate will have to translate technical risks into business impacts for executives. Your major tasks will be to secure SDLC, DevSecOps, and API security.

KEY ACCOUNTABILITIES

+ Security Governance & Policy Development

- Define, maintain, and enforce application security policies, standards, and guidelines (e.g., Secure SDLC, DevSecOps, API security) aligned with OWASP Top 10, CIS, ISO 27001, and NIST.

- Define risk acceptance criteria and governance models for application security, and maintain a risk register.

- Support the IT Security Manager in writing security-related documents, processes, and procedures.

+ Compliance & Audit

- Conduct gap and risk assessments using frameworks (NIST CSF, CIS Controls) and oversee remediation.

- Manage third-party SaaS/application software security reviews.

+ Risk Management & Metrics

- Apply risk quantification methods (OWASP Risk Rating, CVSS) to application vulnerabilities.

- Track and report security KPIs/KRIs (e.g., remediation time, defect recurrence).

- Advise engineering teams on risk trade-offs and exception management.

+ Cross-Functional Collaboration

- Collaborate with AppSec, DevOps, and product teams to embed governance into CI/CD pipelines.

- Foster risk-awareness culture through training and best practices.

JOB REQUIREMENTS

(Education, Qualification/Skills/Behaviors, and Related Experiences.)

- 4+ years in security governance, GRC, or application risk management (software development industry preferred).

- Deep knowledge of application security frameworks (OWASP Top 10, NIST, ISO 27034), DevSecOps, and Secure SDLC.

- Proven experience defining/executing IT and security governance standards, processes, and guidelines.

- Ability to translate technical risks into business impacts for executives.

- Strong documentation and presentation skills (e.g., policy writing, risk reports).

- Continuous learner, eager to adopt new technologies and security practices.

Job Summary:
  • Job Posted: 03 Sep, 2025

  • Expiration: 03 Jan, 2026

  • Vacancy: 1

  • Gender: No Preference

Working Conditions:
  • On Site