
Senior Security GRC Analyst
Loma Technology
Location: Phnom Penh, Cambodia
Category: Information Technology
Job Type: Full Time
Salary: Negotiable
Skills Required: DevOps
Educational Requirements:
- Bachelor's Degree
Experience:
- 5 Years
Extra Benefits:
- Sick Leave
- Annual Leave
- Special Leave
Job Description:
KEY ACCOUNTABILITY
+ Security Governance & Policy Development
-Define, maintain, and enforce application security policies, standards, and guidelines (e.g., Secure SDLC, DevSecOps, API security) aligned with OWASP Top 10, CIS, ISO 27001, and NIST.
-Define risk acceptance criteria and governance models for application security, and maintain a risk register.
-Support the IT Security Manager in writing security-related documents, processes, and procedures.
+ Compliance & Audit
-Conduct gap and risk assessments using frameworks (NIST CSF, CIS Controls) and oversee remediation.
-Manage third-party SaaS/application software security reviews.
+ Risk Management & Metrics
-Apply risk quantification methods (OWASP Risk Rating, CVSS) to application vulnerabilities.
-Track and report security KPIs/KRIs (e.g., remediation time, defect recurrence).
-Advise engineering teams on risk trade-offs and exception management.
+ Cross-Functional Collaboration
-Collaborate with AppSec, DevOps, and product teams to embed governance into CI/CD pipelines.
-Foster a risk-awareness culture through training and best practices.
JOB REQUIREMENT
-4+ years in security governance, GRC, or application risk management (software development industry preferred).
-Deep knowledge of application security frameworks (OWASP Top 10, NIST, ISO 27034).
-DevSecOps, and Secure SDLC.
-Proven experience defining/executing IT and security governance standards, processes, and guidelines.