Security Risk & Compliance Manager

DE HEUS LLC
Salary
To be updated
Work location
Hồ Chí Minh
Required experience
8 - 15 years
Basic information

Job description

REPORT TO: Group Security Manager (CISO)
JOB PURPOSE:

The Security Risk & Compliance Manager will play a critical role in ensuring the organization's adherence to security standards and regulatory requirements. This position demands a deep understanding of risk management principles, governance frameworks, and compliance best practices across IT and business environments. The role requires significant cooperation with local business units (BUs). It can be located in any “Global hub” location, such as Asia or Africa. Additionally, the role participates in security-related projects as a Subject Matter Expert (SME), specifically for helping in the design of controls and/or requirements for SOC use cases and assisting in Business Impact Analyses (BIA) and risk assessments.

ACCOUNTABILITY:
Security Governance

Ensure compliance with industry standards and regulations.
Collaborate with stakeholders to promote security awareness and best practices.
Develop and enforce security policies, procedures, and controls.
Establish and maintain a comprehensive security governance framework.

Policies & Controls

Conduct regular reviews and updates to policies to reflect evolving threats and compliance requirements.
Cooperate with QA for storing policies using their tooling.
Ensure consistent application of security policies across the organization.
Create, update, and manage security policies and controls.
Cooperate with finance for executing the controls using their tooling.
Ensure policies contain key controls and verify these controls with Group IT and local BUs.

Risk Management

Develop risk mitigation strategies and action plans.
Perform regular risk assessments and audits to ensure compliance with risk management policies.
Align with the business on risks and important topics such as IT continuity and disaster recovery.
Identify, assess, and manage security risks across IT and business environments.

3rd Party Risk Management

Assess and manage risks associated with third-party vendors and partners.
Establish and maintain third-party risk management procedures and controls.
Ensure third-party security practices align with organizational policies and standards.

Exception Management

Manage and document security exceptions and deviations from established policies.
Ensure proper approval and tracking of exceptions.
Develop strategies to minimize exceptions and improve compliance.

Dashboarding & Metrics

Perform hands-on tasks to determine what should be included in the operational security section of the dashboard.
Develop and periodically deliver a security dashboard with outcome-driven compliance and risk metrics. Aim to achieve near real-time reporting capabilities over time.
Provide regular reporting on security posture and compliance status to senior management.
Develop and maintain a comprehensive reporting dashboard that includes operational security, compliance, and risk management sections.
Act as the owner of the reporting dashboard, ensuring its accuracy and relevance.
Utilize metrics to drive continuous improvement in security practices.

Audit

Develop and implement corrective actions based on audit findings.
Collaborate with external auditors and regulatory bodies during compliance audits.
Conduct internal audits to verify compliance with security policies and standards.

Project Participation

Help in the design of controls and/or requirements for SOC use cases.
Participate in security-related projects as a Subject Matter Expert (SME).
Assist in Business Impact Analyses (BIA) and risk assessments.

EXPECTED RESULTS:

Security-related projects successfully integrate security controls, requirements for SOC use cases, and robust risk assessments.
Security policies and controls are consistently applied, up-to-date, and verified across the organization.
Security exceptions are properly managed, documented, approved, tracked, and minimized.
Security risks across IT and business environments are identified, assessed, managed, and effectively mitigated.
A comprehensive, accurate, and outcome-driven security dashboard provides regular, near real-time compliance and risk metrics to senior management and stakeholders like IT Managers Countries and the Core Security Community.
A comprehensive and compliant security governance framework is established and maintained.
Compliance with security policies and standards is verified through internal and external audits, with corrective actions effectively implemented.
Third-party vendor risks are assessed and managed, with their security practices aligned to organizational policies.

Job requirements

Qualifications

Relevant certifications such as CISSP, CISM, or CRISC are highly desirable.
Bachelor's degree in Computer Science, Information Technology, or a related field. Master's degree preferred.

Experience

Proficiency in developing and managing security policies, controls, and risk management processes.
Minimum of 8 years of experience in security risk management and compliance.
Extensive knowledge of governance frameworks, including NIST, ISO27001, and other relevant standards.

Competencies

Excellent communication skills, both written and verbal, with the ability to convey technical concepts to non-technical stakeholders.
Strong analytical and problem-solving skills, with the ability to assess complex security scenarios and develop effective solutions.

Language(s)

Fluency in English, both speaking and writing, as communication with teams across our global organization is required.

Other Requirements

Occasional travel may be required for collaboration with global IT teams and participation in security conferences and workshops.
Full-time position based at any Global hub location, such as Asia or Africa.

Benefits

Insurance, Travel, Allowances, Uniform, Bonus scheme, Healthcare, Training, Salary increases, Business travel expenses, Annual leave, Sports club

Last updated: 2025-09-05 00:05:02


Job characteristics

Application deadline
31/08/2025
Employment type
Permanent employee
Level
Manager
Required experience
8 - 15 years
Required education
University degree
Number of openings
To be updated
Industry
Administration - Office
Region
Hồ Chí Minh
Note to job seekers:
You are viewing the posting Security Risk & Compliance Manager - Posting ID: 5201824. All information related to this job posting is published by the poster, who is responsible for it. We always strive for the best information quality, but we do not guarantee and accept no responsibility for any content related to this job posting. If job seekers find any errors or problems, please report them to us.

DE HEUS LLC

Company size: Over 1000
Headquarters: 8F, Cantavil Premier Complex. No.1 Hanoi Highway, An Phu Ward, District 2, HCMC

Tips for a safe job search

Below are the signs of organizations and individuals that recruit without transparency:
1. Common signs:
The job description is sketchy and does not match the actual work
Promises of "easy work, high pay", with "huge" money for little effort
Requests to download an app, deposit money, or complete tasks
Requests to pay an interview fee, a seat-holding fee...
Requests to sign unclear documents or hand over original documents
An unusual interview location
2. What to do when you encounter a non-transparent job or company:
- Check information about the company and the job before applying
- Report the job posting to 123job using the "Report job posting" button to get support and help other candidates avoid the risk
- Or contact 123job through its candidate support channel:
Hotline: 0961.469.398
