Cybersecurity Compliance Analyst- APAC

About Us: At Kobalt.io, our mission is to solve cybersecurity for SMBs at scale. We believe small businesses are the engine behind innovation and growth. Understanding the challenges that our customers have enables us to design and refine scalable cybersecurity services that support a secure path to growth. This is reflected in everything we do, from the programs we build to the partnerships we have developed with companies such as Vanta, Prescient, and Sumo Logic. 

Role Overview: Kobalt.io is an equal-opportunity employer seeking passionate security professionals. The Compliance Analyst is an integral part of Kobalt’s security client-facing delivery team. This role involves tailoring cybersecurity protocols (policies, procedures, and protocols) to support client security journeys. Compliance Analysts also assist vCISOs with security assessments and technical implementation projects.  Furthermore, the Compliance Analyst will provide security education and conduct regular phishing tests for clients. As a certified Vanta partner, the Compliance Analyst will utilize the Vanta platform to expedite client compliance as part of the security program.  This is an excellent opportunity for candidates with GRC experience to expand their knowledge by working with clients of all sizes, in various industries, with different environments and challenges!   This role is fully remote and can be located anywhere in the Philippines but must be willing to work in the AEST timezone to support our Australian clients.

Responsibilities:

Assist vCISOs in executing elements and projects, such as risk assessments, within a security program

Work directly with clients to understand their operations and tailor security policies and procedures that are fit for the organization

Serve as subject matter expert of Kobalt’s security education platform 

Design and deploy phishing tests to clients regularly

Provide compliance audit readiness support as required

Provision, implement, and manage Vanta, or a similar GRC platform, for clients

Build new tools and techniques to compress human-intensive tasks into work that can be achieved in a fraction of the time

Document best practice procedures for commonly used technologies for the standardization of deployment

Identify system misconfigurations and draw up recommendations for clients, and assist where necessary

Collaborate with team members to assist with improvements, discovery, and production of creative and insightful security use-cases

Capture regular metrics highlighting key activities, measurable accomplishments, and blockers

Support the design and development of Kobalt’s service offerings through insightful feedback and a positive attitude as a contributing member of our security delivery team

Help drive improvements in our best-in-class security services through the creation of knowledge-base articles and services documentation

Respond to and engage our customers through our ticket system, chat, email, phone, or other mediums as required

Qualifications:

2-3 years of experience in Security Technologies, Information Security, Business Resilience, Technology Risk or related fields

External-facing client experience 

Can work independently and with teams to identify and resolve challenges and overcome roadblocks.

Ability to communicate effectively, both verbally and in writing, with clients and internal audiences

Understanding of cybersecurity domains, including Security Operations (on-premise and cloud), Security Engineering, Information Risk Management, etc.

The ability to articulate secure best practices of various aspects of information risk management in the context of people, processes and technology

Report Writing: Emphasis on Spelling, Grammar, Word usage, and the ability to write a summary that answers the Who, What, Where, When, How, and, to the best of your ability, Why.

Strong communication skills: Be able to perform summarization and commonality detection and "connect the dots" so that a group of facts is turned into contextual information. Then take that contextual information and determine if it proves your hypothesis right or wrong.

Ability to quickly learn and adapt security best practices to a wide variety of technologies in use by clientele

Nice to have:

Intermediate coding/scripting skills to help automate processes and scale implementation efforts

Be familiar with technical system access controls, how to apply them, and what benefits are gained from controls.

Ability to provide on-the-job training and knowledge sharing to other team members

Solid sense of integrity and identification with the mission.

Strong intuition and ability to think “outside the box”

Attention to detail while seeing the bigger picture

Benefits:

Competitive salary and benefits package

Exposure to diverse client environments 

Professional development opportunities

Fun and inclusive company culture

How We Use AI in Our Hiring Process

At Kobalt.io, we value transparency and want you to know exactly how we evaluate candidates.

AI Notetaking: We use an AI-powered meeting assistant in all interviews. This tool records, transcribes, and generates summaries of our conversation. This allows our interviewers to be fully present and engaged with you, rather than being distracted by taking manual notes.
Information Sharing: These summaries help us accurately share your qualifications and highlights with hiring managers and key stakeholders who may not be on the call.
Human-Led Decisions: While our AI tools may provide data points or candidate rankings, humans remain at the helm of our decision-making. We may use these insights as just one piece of information in our evaluation. Your potential is assessed by real people, and the final decision on who moves forward is always made by the hiring team.