Job description
REPORT TO: Group Security Manager (CISO)
JOB PURPOSE:
The Security Risk & Compliance Manager will play a critical role in ensuring the organization's adherence to security standards and regulatory requirements. This position demands a deep understanding of risk management principles, governance frameworks, and compliance best practices across IT and business environments. The role requires significant cooperation with local business units (BUs). It can be located in any "Global hub" location, such as Asia or Africa. Additionally, the role participates in security-related projects as a Subject Matter Expert (SME), specifically for helping in the design of controls and/or requirements for SOC use cases and assisting in Business Impact Analyses (BIA) and risk assessments.
ACCOUNTABILITY:
Security Governance
Collaborate with stakeholders to promote security awareness and best practices.
Ensure compliance with industry standards and regulations.
Develop and enforce security policies, procedures, and controls.
Establish and maintain a comprehensive security governance framework.
Policies & Controls
Ensure consistent application of security policies across the organization.
Conduct regular reviews and updates to policies to reflect evolving threats and compliance requirements.
Create, update, and manage security policies and controls.
Cooperate with finance for executing the controls using their tooling.
Ensure policies contain key controls and verify these controls with Group IT and local BUs.
Cooperate with QA for storing policies using their tooling.
Risk Management
Develop risk mitigation strategies and action plans.
Perform regular risk assessments and audits to ensure compliance with risk management policies.
Identify, assess, and manage security risks across IT and business environments.
Align with the business on risks and important topics such as IT continuity and disaster recovery.
3rd Party Risk Management
Ensure third-party security practices align with organizational policies and standards.
Establish and maintain third-party risk management procedures and controls.
Assess and manage risks associated with third-party vendors and partners.
Exception Management
Ensure proper approval and tracking of exceptions.
Manage and document security exceptions and deviations from established policies.
Develop strategies to minimize exceptions and improve compliance.
Dashboarding & Metrics
Develop and periodically deliver a security dashboard with outcome-driven compliance and risk metrics. Aim to achieve near real-time reporting capabilities over time.
Develop and maintain a comprehensive reporting dashboard that includes operational security, compliance, and risk management sections.
Provide regular reporting on security posture and compliance status to senior management.
Act as the owner of the reporting dashboard, ensuring its accuracy and relevance.
Perform hands-on tasks to determine what should be included in the operational security section of the dashboard.
Utilize metrics to drive continuous improvement in security practices.
Audit
Develop and implement corrective actions based on audit findings.
Collaborate with external auditors and regulatory bodies during compliance audits.
Conduct internal audits to verify compliance with security policies and standards.
Project Participation
Assist in Business Impact Analyses (BIA) and risk assessments.
Participate in security-related projects as a Subject Matter Expert (SME).
Help in the design of controls and/or requirements for SOC use cases.
EXPECTED RESULTS:
A comprehensive, accurate, and outcome-driven security dashboard provides regular, near real-time compliance and risk metrics to senior management and stakeholders such as the IT Managers Countries and the Core Security Community.
A comprehensive and compliant security governance framework is established and maintained.
Security risks across IT and business environments are identified, assessed, managed, and effectively mitigated.
Security policies and controls are consistently applied, up-to-date, and verified across the organization.
Security-related projects successfully integrate security controls, requirements for SOC use cases, and robust risk assessments.
Security exceptions are properly managed, documented, approved, tracked, and minimized.
Third-party vendor risks are assessed and managed, with their security practices aligned to organizational policies.
Compliance with security policies and standards is verified through internal and external audits, with corrective actions effectively implemented.