GRC Analyst

Grow with us

About this opportunity:

We are now looking for a GRC Analyst professional. This job role is responsible for coordination, support, management, and execution of reactive maintenance activities to ensure that services provided to customers are continuously available and performing to Service Level Agreement (SLA) performance levels. The professional will work alongside a highly skilled, diverse team, making sure that the information assets that we are responsible to protect are secured.

What you will do:

Governance:

• Develop, maintain, and enforce security policies, standards, and guidelines.
• Support security awareness and compliance training initiatives.
• Align security strategy with frameworks (ISO 27001, NIST CSF, COBIT, etc.).
  
  

Risk Management:

• Conduct security and IT risk assessments; maintain risk register.
• Identify, prioritize, and track remediation of security risks.
• Support vendor risk management and third-party security assessments.
  
  

Compliance:

• Ensure ongoing compliance with regulations (GDPR, HIPAA, PCI DSS, SOC 2, etc.).
• Support internal and external audits by managing evidence collection and remediation tracking.
• Monitor emerging compliance requirements and integrate into security posture.
  
  

Vulnerability Management:

• Coordinate vulnerability scans and penetration testing activities.
• Analyze scan results, prioritize vulnerabilities, and track remediation efforts with IT teams.
• Maintain metrics and reporting dashboards for vulnerability risk posture.
• Ensure vulnerability management program aligns with regulatory and industry best practices.
  
  

Mobile Baseline Security Standards (MBSS):

• Support implementation of MBSS for enterprise mobile devices and applications.
• Review configurations and security baselines for compliance with MBSS.
• Collaborate with endpoint and mobile security teams to remediate findings.
• Provide ongoing reporting and assurance on MBSS adherence.
  
  

Operational Support:

• Administer and optimize GRC tools (ServiceNow GRC, OneTrust, etc.).
• Provide executive-level reporting on risk, vulnerabilities, and compliance posture.
• Document incident response findings and ensure lessons learned are applied.
  
  

The skills you bring:

• Bachelor’s degree in Cybersecurity, IT, Risk Management, or related field.
• 2–4 years of experience in governance, risk, compliance, or security operations.
• Knowledge of security frameworks (ISO 27001, NIST).
• Familiarity with vulnerability scanning tools (Qualys, TenableOne, Crowdstrike).
• Understanding of MBSS or other mobile device security standards.
• Strong analytical, documentation, and communication skills.
• Knowledge in 2G, 4G & 5G technology is not mandatory but will be advantageous
  
  

Why join Ericsson?

At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.

What happens once you apply?

Click Here to find all you need to know about what our typical hiring process looks like.

Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more.

Primary country and city: Malaysia (MY) || Shah Alam

Req ID: 772153