Onsite/Hybrid/Remote
full-time
mid
The GRC Officer (L1) supports the implementation and ongoing maintenance of compliance frameworks such as ISO 27001, SOC 2 Type II, GDPR, the Jamaica Data Protection Act, and PCI DSS across the organization’s products and IT services. The role collaborates with the GRC Head, Compliance Officer, and CISO to assist in audits, risk tracking, and policy governance, and to help ensure continuous compliance and operational readiness.
- Support the implementation and maintenance of governance frameworks and compliance programs
- Assist in preparing compliance reports, dashboards, and documentation for leadership review
- Support maintenance of policies, procedures, and compliance records
- Assist in ISMS and PCI DSS implementation and ongoing maintenance activities
- Support risk assessments, documentation of the Statement of Applicability (SoA), and control tracking
- Participate in internal audits and assist in tracking audit findings and remediation
- Support SOC 2 Type I and Type II readiness and ongoing compliance activities
- Assist in collecting audit evidence and coordinating with internal teams
- Help track control implementation across products, IT services, and operations
- Assist in maintaining GDPR compliance activities, including RoPA and DPIA documentation
- Support handling of data subject requests (DSRs) and privacy-related records
- Assist in tracking data retention and basic privacy compliance requirements
- Support maintenance of the risk register and assist in tracking risk treatment plans
- Assist in conducting vendor risk assessments and maintaining related documentation
- Track remediation activities and follow up with relevant teams
- Support internal, external, and customer audits through evidence collection and coordination
- Assist in tracking audit observations and remediation closure
- Support awareness activities and coordination of security and compliance training sessions
- Bachelor’s degree in Engineering, Information Security, IT, Risk Management, or a related field
- Master’s degree preferred (Cybersecurity / MBA)
- Working knowledge of ISO 27001, SOC 2 Type II, GDPR, the Jamaica Data Protection Act, and PCI DSS
- Basic understanding of IT services, SaaS environments, and associated risk landscapes
- Exposure to ISMS implementation, risk registers, and control frameworks
- Familiarity with secure SDLC practices, vendor risk management, and data privacy concepts
- Experience supporting internal and external audits, including evidence collection and coordination
- Ability to work with cross-functional teams to support compliance activities
- Good documentation and communication skills for policy, process, and audit-related tasks
- 1 to 3 years of experience in GRC, Information Security, Compliance, or a related domain
- Basic exposure to ISO 27001, SOC 2 Type II, GDPR, or similar frameworks
- Experience supporting compliance activities such as audits, documentation, or control implementation
- Familiarity with IT services or SaaS environments (preferred)
- Exposure to risk management, policy management, or audit coordination activities
- Experience working with cross-functional teams in a professional environment