• We are seeking a Security Analyst with an emphasis on fraud research to join our Information Security team. • This role is responsible for identifying, researching, and helping mitigate computer-based and non-computer-based fraudulent activity across the organization. • The analyst will support the investigation of suspicious activity, review trends and patterns that may indicate fraud risk, and help strengthen internal controls through monitoring, analysis, documentation, and reporting. • This position works closely with the Director of Information Security and cross-functional business partners to support fraud prevention efforts, incident response, and risk management activities.

Role Description The Senior Security Compliance GRC Analyst leads complex audits and regulatory assessments, providing subject matter expertise in frameworks such as SOC 2, ISO 27001, FedRAMP, ENS, and Cyber Essentials. This role improves control design, harmonizes evidence practices, and guides corrective action plans — while mentoring junior analysts and partnering with cross-functional teams to mature the organization's compliance posture and reduce recurring audit gaps through regular external audit integration. - Lead complex internal and external audits, coordinating cross-functional participation and ensuring timely, accurate evidence delivery; serve as a subject matter expert on one or more compliance frameworks including SOC 2, ISO 27001, HIPAA, FedRAMP, and PCI. - Design and execute control testing plans, evaluating control effectiveness and documenting observations or gaps; drive remediation workflows by partnering with system owners to define action plans and confirm closure. - Develop and maintain compliance documentation including system security plans, control narratives, and audit-ready evidence libraries; prepare and maintain comprehensive records of compliance activities including risk assessments, audit reports, and regulatory filings. - Support harmonization of control frameworks by mapping controls and evidence across multiple regulations and standards; identify process and control improvement opportunities, recommending updates that enhance efficiency and reduce audit friction. - Project manage compliance audits including evidence collection and gap analysis; mentor junior analysts in audit readiness, evidence preparation, and control testing methodologies. - Mentor, coach, train, and provide feedback to other team members; may provide feedback to leadership on the technical abilities of the team. Qualifications - Bachelor's degree or equivalent work experience, with 3–5 years of experience in compliance, risk management, internal audit, or regulatory affairs. - Knowledge of regulatory frameworks such as SOC, ISO 27001, NIST 800-53, FedRAMP, SOX, HIPAA, GDPR, or FAR/DFARS. - Strong data gathering, interviewing, analytical, and problem-solving skills; strong knowledge of security risk assessment techniques, risk scoring models, and risk impact analysis. - Strong oral and written communication skills with a professional demeanor; strong facilitation, project management, and interpersonal skills with the ability to maintain professionalism across all levels of the organization. - Strong collaboration skills applied successfully within a team and across all levels of employees; demonstrated ability to influence, motivate, and mobilize team members and business partners. Requirements - Experience in a government-regulated industry such as healthcare, finance, defense, or technology. - Cloud security and/or AI GRC certifications. - Strong data analysis knowledge using tools such as Excel, SQL, or statistical software packages. - Strong knowledge of Microsoft Operating Systems, products, and advanced Microsoft Excel skills. - Self-motivated with the ability to manage projects to completion with minimal oversight in a fast-paced, deadline-driven environment; strong attention to detail with the ability to handle sensitive information with discretion and tact. Benefits - Career development resources. - Wellbeing programs. - Innovation practices.

• The Security Analyst is responsible for specific aspects of the security program including regulatory reporting, metrics/KPIs, training and awareness, security process integration and risk management for our clients. • Protects computer assets by establishing and enforcing system access controls; maintaining disaster preparedness. • Document, maintain and analyze compliance with IT controls, standard procedures, and policies. • Demonstrate excellent customer service skills, build credibility and rapport with client technical teams. • Assist in periodic information risk assessments and audits to ensure that information systems are adequately protected to meet security objectives. • Assist in collecting security-related evidence for external audits. • Provide technical expertise during IT security incident response. • Support IT security inquiries from customers. • Assist in the review of vendor IT security programs and controls. • Assist in tracking and maintenance of action plans for the resolution of issues identified during assessments and audits. Provide needed assistance with the execution of those remediation plans. • Ensure authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements. • Establish physical security by developing standards, policies and procedures. • Advise on risk levels and security posture through a risk management framework. • Identify business processes requiring information security Integration. • Support the design and execution of security exercises.

Senior Security and Privacy Analyst, Bilingual Japanese and English Location:Cebu, Philippines Department:Privacy, Security & Risk About AvePoint AvePoint is the global leader in data protection, unifying data security, governance, and resilience to provide a trusted foundation for AI. More than 28,000 customers rely on the AvePoint Confidence Platform to secure, govern, and rapidly recover data across Microsoft, Google, Salesforce, and other cloud environments. With a single platform for lifecycle control, multicloud governance, and rapid recovery paired with clear ownership across the business, we prevent overexposure and sprawl, modernize legacy and fragmented data, and minimize data loss and interruption. Our global partner ecosystem includes approximately 6,000 MSPs, VARs, and SIs, and our solutions are available in over 100 cloud marketplaces. To learn more, visit www.avepoint.com. About the role We are looking for a Senior Security and Privacy Analyst to serve as the APAC regional lead for AvePoint's Privacy, Security & Risk (PSR) program. You will help implement and drive initiatives, programs, and projects to raise our game in Information Security, Privacy, and Risk Management across the Asia-Pacific region. You are pragmatic, operational, and practical in your understanding of risk and security, but also have a business-minded approach. You will help us "say what we do, do what we say, and prove it." This role is critical to supporting AvePoint's expanding APAC compliance footprint—including ISMAP (Japan), IRAP (Australia), and regional privacy regulations—while partnering closely with our global PSR team. Key Responsibilities - Regional Compliance & Certification: Lead and operationalize APAC-specific certification and audit activities, with primary focus on Japan's ISMAP (Information system Security Management and Assessment Program) and Australia's IRAP (Infosec Registered Assessors Program), including evidence gathering, control mapping, and coordination with external assessors. - Privacy & Data Protection: Support compliance with APAC data protection laws and regulations, including Japan's APPI, Australia's Privacy Act, and other regional requirements such as South Korea's PIPA, in alignment with AvePoint's global privacy standards. - Security Operations: Contribute hands-on to the day-to-day operations of the information security and privacy program, including monitoring and responding to security incidents across the APAC region. - Audit & Risk Management: Operationalize activities around certifications, audits, and risk management initiatives. Support internal and external audit readiness, including SOC 2 Type II, ISO 27001, ISO 27701, and APAC-specific frameworks. - Sales Enablement & Customer Trust: Partner with the APAC sales organization on PSR matters—respond to customer security questionnaires, RFPs, and due diligence requests, balancing deal velocity with AvePoint's PSR requirements. Serve as a regional representative and advocate of AvePoint's expertise in data security. - Documentation & Communication: Update and maintain security and privacy documentation to keep current with frequent regulatory and programmatic changes in the APAC region. Create effective technical communications in both Japanese and English across a variety of media. - Security Champions Program: Collaborate with regional Security Champions (e.g., in Japan, Singapore, China, and ANZ) to enhance security awareness, promote best practices, and drive localized security initiatives. - Cross-Functional Collaboration: Actively participate in cross-functional teams representing the PSR function. Collaborate with the CISO/CPO and senior leadership to develop and execute strategic plans for APAC security and privacy initiatives. - Vendor & Third-Party Risk: Support vendor risk assessments and third-party security evaluations for APAC-based partners and subprocessors, ensuring compliance with AvePoint's data protection and information security standards. - Continuous Improvement: Continuously improve internal PSR deliverables and content in response to feedback from APAC customers, colleagues, and evolving regulatory landscapes. Required Qualifications - Education: Bachelor's degree in Information Security, Computer Science, Engineering, Law, or a related field. A master's degree is preferred. - Experience: Approximately 5–8 years of experience in information security, privacy, compliance, or risk management, with at least 2 years of experience supporting APAC-region compliance programs. - Language: Fluent in Japanese and English (spoken and written) — this is a hard requirement. The role requires the ability to translate technical security and privacy concepts between both languages, interact with Japanese government-adjacent auditing bodies, and produce professional documentation in both languages. - Writing Skills: Strong background in writing with excellent editing and proofreading skills in both English and Japanese. - Technical Knowledge: Solid understanding of networking, cloud infrastructure, and information security principles. Familiarity with security frameworks such as ISO 27001, ISO 27002, SOC 2, and NIST SP 800-53. - Regulatory Knowledge: Working knowledge of APAC privacy and data protection regulations (e.g., Japan APPI, Australia Privacy Act, PDPA). Preferred Qualifications - ISMAP Expertise: Familiarity with Japan's ISMAP framework, including ISMAP management standards, the audit process, and cloud service registration requirements. Experience supporting ISMAP audits or readiness assessments is highly valued. - IRAP Expertise: Familiarity with Australia's IRAP framework, including the ISM (Information Security Manual), PSPF, and the four-stage IRAP assessment process (Plan & Prepare → Define Scope → Assess Controls → Report Findings). - Additional Languages: Proficiency in Chinese (Mandarin) and/or Vietnamese is a significant plus. - Certifications: Relevant certifications such as CIPP/A, CISSP, CISM, CISA, or ISO 27001 Lead Auditor are highly desirable. - Industry Experience: Experience in a SaaS, cloud software, or technology company in the security, privacy, or compliance field. - Sales Enablement: Experience supporting sales teams with security questionnaires, RFPs, and customer-facing trust narratives. What We Offer - The opportunity to be the APAC voice of one of the most forward-thinking PSR programs in the data management industry - Direct collaboration with AvePoint's global Security Team, including the CISO/CPO and senior leadership - A dynamic, global team culture that values agility, passion, and teamwork - Professional development support, including certification sponsorship - Competitive compensation and benefits aligned with APAC market standards What’s in it for you? - HMO coverage from day 1 of employment (plus 2 free dependents) - Group life insurance (upon regularization) - Wellness Reimbursement Program (upon regularization) - Paid annual and sick leaves (convertible into cash) - Paid compassionate leave (5 days) - Employee Dedication Award (years of service) - Employee Referral Bonus Program - Promoting diversity and inclusion - Business Travel Opportunity (Top Performers) - Hybrid Working Arrangement (3 days onsite & 2 days' work-from-home) - Competitive compensation package, Performance bonuses/incentives - Career growth & advancement opportunities *Terms and conditions apply AvePoint is proud to employ talent from many different backgrounds, experiences, and identities. We believe that diversity and inclusion drives our success and is at the core of how we hire, communicate, and collaborate to deliver value and excellence. We are committed to fostering an environment where people can bring their whole selves to work and feel a sense of belonging, and we continue to work toward creating a workforce that represents the diversity of our customers and communities. Any personal data you share with us during the application process will be processed strictly in compliance with applicable data protection laws and our Privacy Notice.