Principal GRC Analyst

Replicon

IT

Makati, Metro Manila, Philippines

Posted on Apr 18, 2026

Company Summary

As the recognized global standard for project-based businesses, Deltek delivers software and information solutions to help organizations achieve their purpose. Our market leadership stems from the work of our diverse employees who are united by a passion for learning, growing and making a difference. At Deltek, we take immense pride in creating a balanced, values-driven environment, where every employee feels included and empowered to do their best work. Our employees put our core values into action daily, creating a one-of-a-kind culture that has been recognized globally. Thanks to our incredible team, Deltek has been named one of America's Best Midsize Employers by Forbes, a Best Place to Work by Glassdoor, a Top Workplace by The Washington Post and a Best Place to Work in Asia by World HRD Congress. www.deltek.com

Position Responsibilities

About the Role

The Principal GRC Analyst is an individual contributor (IC) role reporting to the Senior Manager of Security GRC. This role is responsible for implementing, maintaining, and assessing security controls across Deltek's multi-cloud environments and supporting compliance programs across multiple regulatory and certification frameworks.

The Principal GRC Analyst plays a central role in audit execution, control validation, evidence management, and continuous compliance operations. This role requires a high degree of technical aptitude and the ability to operate independently across concurrent audit engagements.

Position Responsibilities

  • Serve as a subject matter expert for applicable compliance frameworks including NIST SP 800-53 Rev. 5, FedRAMP (Moderate), ISO 27001, SOC 1, SOC 2, CSA STAR Level 2, and CMMC.
  • Lead internal and external audit engagements, including evidence gathering, control testing, documentation review, and auditor coordination.
  • Assess the design and operating effectiveness of management, operational, and technical security controls deployed in cloud environments.
  • Draft, maintain, and mature compliance documentation including policies, standards, procedures, control implementation statements, and system security plans (SSPs).
  • Support FedRAMP continuous monitoring (ConMon) activities including POA&M management, monthly reporting, and significant change requests.
  • Manage and respond to customer security and compliance inquiries, including CAIQ and SIG questionnaires and security due diligence requests.
  • Identify control gaps, process inefficiencies, and risk findings; communicate results clearly to technical and business stakeholders.
  • Own or serve as backup owner for GRC services such as Policy Management, Risk Management, Business Continuity Planning, and Customer Security Due Diligence.
  • Prepare compliance metrics, status reporting, and evidence packages for internal leadership and external assessors.
  • Contribute to GRC program improvements and automation initiatives, including leveraging AI tooling, large language models (LLMs), or workflow automation platforms to enhance compliance operations and reduce manual effort.


Qualifications

  • Minimum 5 years of combined experience in one or more of the following: IT audit, IT General Controls (ITGC), information security operations, cloud security and compliance, IT risk management, or public accounting.
  • Bachelor's degree in Information Security, Computer Science, MIS, or a related field from an accredited institution.
  • Demonstrated experience supporting or leading assessments within cloud-hosted environments (AWS, Azure, GCP, or OCI).
  • Familiarity with FedRAMP authorization processes, including SSP development and 3PAO assessment coordination, is strongly preferred.
  • Active or in-progress certifications such as CISA, CISSP, CCSK, CCAK, or an equivalent cloud security certification are preferred.


Core Competencies

  • Strong self-direction and ability to manage competing priorities across simultaneous projects with minimal oversight.
  • Excellent written and verbal communication skills, including the ability to convey technical findings to non-technical stakeholders.
  • Sound critical thinking and analytical skills with attention to detail in control documentation and evidence review.
  • Collaborative mindset with the ability to work effectively across engineering, DevOps, and business teams.
  • Commitment to continuous learning and staying current with evolving regulatory and framework requirements.


Position Type

FT

Travel Requirements

No

Applicant Privacy Notice

Deltek is committed to the protection and promotion of your privacy. In connection with your application for employment with us at Deltek, it is necessary for us to collect, store and use information about you (“Personal Data”) to administer and evaluate your application. We are the “controller” of the Personal Data you provide us and will process any such Personal Data in accordance with applicable law and the statements contained in this Employment Candidate Privacy Notice. Additionally, we have not sold and do not sell Personal Data you provide to us through the job application process.