Security GRC Analyst

The GRC Analyst is focused on ensuring Pax8’s third party risk management program is coordinated, documented, and messaged with key stakeholders. They support the maturity efforts of the third-party risk management security program. Third party risk program focuses on internal supplier and vendor marketplace security risk reviews and assurance efforts. They are a key member of the Trust and Security team, providing guidance and direction to security professionals and collaborating with other departments across the organization.

Be part of something bigger

Pax8 continues to expand across APAC, building a collaborative, people‑first culture where innovation and integrity guide how we work. Learn more about life at Pax8 through our stories on pax8.com and the Pax8 Blog.

This role will be based in our office in Makati City, working on night shift (10:00pm - 7:00am). Employees are required to attend the office 5 days/week.

What you’ll be doing

• Vendor Risk Assessment: Perform end-to-end risk assessments of third-party vendors, including evaluating security posture, financial stability, and operational resilience.

• Compliance Monitoring: Ensure third parties adhere to internal security standards and regulatory requirements (e.g., SOC2, ISO 27001, GDPR).

• Due Diligence: Review and analyze vendor security questionnaires, audit reports (SOC reports), and penetration test results.

• Risk Mitigation: Collaborate with business owners and procurement to identify control gaps and track remediation efforts with vendors.

• Liaison & Reporting: Act as a bridge between internal stakeholders (IT, Legal, Procurement) and external partners to maintain the TPRM lifecycle.

• GRC Tool Management: Use and maintain risk management platforms (like OneTrust, ZenGRC, or similar) to track vendor health and audit evidence.

What you’ll bring

• Experience: 3–5+ years in GRC, Information Security, or IT Audit, with a specific focus on Third Party Risk Management.

• Certifications: Preferred (but not required) certifications include CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), or ISO 27001 Lead Auditor.

• Technical Knowledge: Deep understanding of risk frameworks such as SCF, NIST CSF, NIST RMF, and security standards like SOC 2 and PCI-DSS.

• Skills: Strong analytical ability to interpret complex security documentation and communicate risks to non-technical stakeholders.

What you’ll enjoy

• Competitive salary

• HMO coverage

• 20 days paid annual leave + 10 days bonus annual leave

• 10 days paid annual sick leave

• 13th‑month pay

• Access to LinkedIn Learning & Learning & Development tools and training opportunities

• Employee recognition programs

• Fun and engaging company events

Building trust in how we hire

At Pax8, we care deeply about building genuine, trust based relationships — starting with how we hire. To protect our business, our teams, and our customers, we use a range of measures throughout the recruitment process to help confirm authenticity and prevent fraud. These safeguards are designed to be fair, respectful, and proportionate, and may evolve as risks change. By applying, you acknowledge that we take steps to verify identity and representation during hiring. If you're applying as your authentic self, you have nothing to worry about — we're excited to meet you. We also use thoughtfully applied AI-enabled tools to support our hiring process. These tools may assist with tasks such as reviewing or prioritising applications, but hiring decisions are made by our people. More information is available in our Recruitment Privacy Notice. If you have questions about how we hire or would prefer not to have your application supported by these tools, you can opt out at any part of our process.

We welcome all backgrounds

We encourage you to apply even if you don't meet 100% of the criteria. We're committed to diverse perspectives, inclusive hiring and sharing your transferrable skills. To fulfil this role, you must hold valid right to work in the Philippines.

Your Pax8 office experience
Our Manila office provides a collaborative, engaging environment designed for connection, learning and high‑performance teamwork. Expect a modern workspace, community‑driven culture and the energy of a rapidly expanding global tech business.

Grow your career with unlimited runway

There's extensive room for a talented individual to grow at pace — whether that's advancing quickly in this role or exploring one of the many opportunities across our global organisation. You'll have access to our internal development hub designed to accelerate your skills and stretch your potential. Alongside specialist Learning & Development trainers, you'll also tap into AI powered tools, "born in the cloud" mentors, and cross continent collaboration that broaden your perspective and sharpen your expertise. We'll give you the space, trust, and the right projects to help you thrive — and full visibility of what it takes to reach your next level.

About Pax8

Our mission is to be the world's favourite place to buy cloud products. We are a fast-growing, dynamic, and high-energy organisation with a start-up feel, allowing you to make a meaningful impact on the business. Culture is important to us, and at Pax8, it's business, and it IS personal. We are passionate, creative, and unconventional. We work hard, keep it fun, and expect the best! We Elev8 each other. We Advoc8 for our partners. We Innov8 continuously. We Celebr8 life.

Background checks

As part of our hiring process, we are required to undertake pre-employment checks on all candidates that are successful in their application with Pax8. As part of these checks Pax8 will request ID verification, reference requests and qualification checks (additional checks may be completed for certain countries, such as criminal and financial). All checks are completed by our third-party provider, First Advantage. Once checks have been completed all candidates will receive a copy for their records.

Equal opportunities

Pax8 are an equal opportunities employer and welcome individuals who are in possession of the appropriate requirements to work within the country you have applied for. Offered individuals will be asked to undertake identity, security compliance and reference checks. Your privacy is important to us. Privacy notice: https://www.pax8.com/en-us/terms/job-applicant-privacy-notice/