
GRC Analyst

  • Hybrid
    • Colombo, Western Province, Sri Lanka

Job description

Want to deliver tech with purpose, with people who care?
Join us in our mission to create solutions that help keep children safe online.

Who are we?

Headquartered in Perth, Australia, with offices globally including in Colombo, Sri Lanka, Qoria is an ASX-listed global leader in child digital safety technology and services. We are a purpose-driven business, operating under the ‘Linewize’ brand in North America and Asia Pacific, the ‘Smoothwall’ brand in the UK, ‘Octopus BI’ in Sri Lanka and the ‘Qoria’ brand in EMEA. Our solutions are utilised by schools, school districts, and parental communities to protect children from seeing harmful content online, identify children at risk based on their digital behaviours and ensure teachers maintain focus and safe learning in the digital classroom. 30,000 schools and 7 million parents depend on our solutions to keep 25 million children safe in 180 countries around the world.

What’s the opportunity?

The GRC Analyst plays a vital role in building long-term trust with customers and ensuring the integrity and security of Qoria and its objectives. By ensuring that our critical security, privacy, and compliance controls are continuously upheld and optimized, this role provides the assurance that Qoria operates with integrity, transparency, and accountability.

Duties: What are my day to day duties?

External Audit Compliance

  • Maintain and update security and compliance controls in alignment with frameworks such as ISO 27001 & SOC 2. 

  • Assist with internal and external audits, including evidence collection.

Continuous Control Monitoring 

  • Administer and optimize Qoria’s Continuous Control Monitoring system.

  • Collaborate with stakeholders to ensure control objectives are accurately modeled and mapped to leading compliance and risk indicators.

  • Identify control issues and work with teams to address these within expected timeframes.

Risk Management

  • Work with stakeholders to ensure that risks are managed according to Qoria's Cyber Risk Policy.

  • Assist in tracking and ensuring risk treatment actions take place within expected timeframes.

  • Report on the performance of the risk management process.

Third-Party Risk & Compliance

  • Adhere to the Third Party Risk Management Process when assessing vendors 

  • Support due diligence and ongoing assurance activities for key suppliers and cloud vendors.

  • Review vendor SOC reports, certifications, and security questionnaires to assess residual risk.

Performance: How is my performance measured?

  • Process adherence: Adherence to all relevant processes including the Cyber Security Risk Policy and Third Party Risk Management Processes. 

  • Reporting Quality: Delivery of high-quality, data-driven reporting and insights for operational and leadership stakeholders for our Continuous Control Monitoring. 

Requirements: What skills & experience are required?

Experience & Background

  • 3+ years of experience in GRC, security compliance, or IT audit roles.

  • Familiarity with industry frameworks and regulations such as ISO 27001, SOC 2 & NIST CSF.

  • Experience supporting audits, evidence collection, and control assessments.

  • Exposure to risk management concepts, including likelihood, impact assessment, and mitigation tracking.

  • Experience managing Continuous Control Monitoring.

Skills

  • Strong technical acumen, especially in understanding system controls and cloud environments (AWS/GCP).

  • Proficiency in Excel/Sheets and project management tools (e.g., Jira).

  • Analytical mindset and ability to translate control findings into risk and compliance implications.

  • Strong communication and interpersonal skills, with the ability to collaborate across technical and non-technical teams.

Preferred Qualifications

  • Bachelor's degree in Information Systems, Cybersecurity, Risk Management, or a related field.

  • Certifications such as CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or similar.

  • Experience working in SaaS or cloud-native organizations.

To be successful in this role, you must:

  • Be organized and detail-oriented, capable of managing concurrent control and compliance initiatives.

  • Possess a continuous improvement mindset and be comfortable working with evolving tools and processes.

  • Be capable of interpreting technical risks in a business context and communicating them clearly.

  • Be an enabler of automation, identifying opportunities to streamline compliance workflows.

  • Thrive in a collaborative, fast-paced environment and be adaptable to change.

Why choose us?

  • Deliver tech with purpose...

As a member of our Engineering team, your work truly matters. Your skills, knowledge and ideas will all help children stay safe online. It feels good to do good.

  • With people who care...

Our Engineers are amazing! They’re also amazingly supportive. We all take ownership of our work, end to end. And at the same time, we really care about growing and winning together.

  • Through work that you love...

You’ll get to work on solving problems for a global engineering team that has a user base in the tens of millions. And you'll be exposed to modern technologies and processes, in a fast-paced and supportive learning environment.

  • And a career that you own...

This role offers so many opportunities to expand your skills and grow your career. You’ll get to attend local software conferences, paid for by us. And as you step up and take ownership to make things happen, you’ll carve out an incredible career.

Shortlisting will commence immediately.
