Security GRC II
The Security GRC II is responsible for defining, implementing, and coordinating the Governance, Risk, and Compliance (GRC) function within the organization. This role includes establishing and maintaining information security policies and procedures, ensuring compliance with regulatory or legal requirements, aligning with the organization's risk appetite, tracking and monitoring overall information security posture, and assisting incident response processes. The Security GRC II plays a critical role in protecting the company's information assets and maintaining compliance with industry standards.
Key Responsibilities
- Security Governance & Compliance: Oversee the organization's IT policies and procedures, ensuring compliance with regulatory requirements, legal obligations, industry best practices, and the organization's risk tolerance.
- Risk Assessment: Conduct end-to-end IT risk assessments for various information systems, services, and processes, identifying potential vulnerabilities and recommending mitigating actions.
- Regulatory Compliance: Perform regulatory risk assessments to ensure adherence to local and international regulations, including compliance with ISO27001 and other relevant standards.
- Security Awareness & Training: Develop and promote organization-wide Information Security awareness programs and training, leveraging innovative channels and methods to engage employees.
- GRC Reporting & Metrics: Establish a clear and transparent reporting process for Security GRC, including the development of security dashboards and metrics to monitor compliance and risk levels.
- Subject Matter Expert (SME): Serve as the SME for Security GRC, advising stakeholders on information security best practices, regulatory requirements, and risk management.
- Third-Party Risk Management: Manage the third-party security risk assessment process, ensuring that external partners comply with security policies and that any risks are identified and mitigated.
- Incident Response Handling: Assist the Incident Manager in assessing and escalating information security related incidents.
Qualifications
- 3-7 years of experience in security policy and controls development or incident handling.
- Strong technical knowledge of security systems in cloud environments (AWS / Azure / GCP).
- Strong analytical skills, with excellent written and verbal communication abilities.
- Adaptability and flexibility to thrive in a fast-paced and constantly changing environment.
- Working experience in start-ups, consultancies, the financial industry, or technology is preferred.
This position offers the opportunity to play a pivotal role in ensuring the security and compliance of the organization while driving continuous improvement in the GRC function.