REPORT TO: Group Security Manager (CISO)
JOB PURPOSE:
- The Security Risk & Compliance Manager will play a critical role in ensuring the organization&039;s adherence to security standards and regulatory requirements. This position demands a deep understanding of risk management principles, governance frameworks, and compliance best practices across IT and business environments. The role requires significant cooperation with local business units (BUs). It can be located in any “Global hub” location, such as Asia or Africa. Additionally, the role participates in security- related projects as a Subject Matter Expert (SME), specifically for helping in the design of controls and/or requirements for SOC use cases and assisting in Business Impact Analyses (BIA) and risk assessments
ACCOUNTABILITY:
Security Governance
- Develop and enforce security policies, procedures, and controls.
- Establish and maintain a comprehensive security governance framework.
- Ensure compliance with industry standards and regulations.
- Collaborate with stakeholders to promote security awareness and best practices.
Policies & Controls
- Cooperate with finance for executing the controls using their tooling.
- Cooperate with QA for storing policies using their tooling.
- Create, update, and manage security policies and controls.
- Ensure consistent application of security policies across the organization.
- Ensure policies contain key controls and verify these controls with Group IT and local BUs.
- Conduct regular reviews and updates to policies to reflect evolving threats and compliance requirements.
Risk Management
- Develop risk mitigation strategies and action plans.
- Identify, assess, and manage security risks across IT and business environments.
- Align with the business on risks and important topics such as IT continuity and disaster recovery.
- Perform regular risk assessments and audits to ensure compliance with risk management policies.
3rd Party Risk Management
- Ensure third- party security practices align with organizational policies and standards.
- Establish and maintain third- party risk management procedures and controls
- Assess and manage risks associated with third- party vendors and partners.
Exception Management
- Develop strategies to minimize exceptions and improve compliance.
- Ensure proper approval and tracking of exceptions.
- Manage and document security exceptions and deviations from established policies.
Dashboarding & Metrics
- Provide regular reporting on security posture and compliance status to senior management.
- Utilize metrics to drive continuous improvement in security practices.
- Perform hands- on tasks to determine what should be included in the operational security section of the dashboard.
- Act as the owner of the reporting dashboard, ensuring its accuracy and relevance.
- Develop and maintain a comprehensive reporting dashboard that includes operational security, compliance, and risk management sections.
- Develop and periodically deliver a security dashboard with outcome- driven compliance and risk metrics. Aim to achieve near real- time reporting capabilities over time.
Audit
- Conduct internal audits to verify compliance with security policies and standards.
- Collaborate with external auditors and regulatory bodies during compliance audits.
- Develop and implement corrective actions based on audit findings
Project Participation
- Participate in security- related projects as a Subject Matter Expert (SME).
- Help in the design of controls and/or requirements for SOC use cases.
- Assist in Business Impact Analyses (BIA) and risk assessments
EXPECTED RESULTS:
- Security risks across IT and business environments are identified, assessed, managed, and effectively mitigated
- Compliance with security policies and standards is verified through internal and external audits, with corrective actions effectively implemented
- A comprehensive, accurate, and outcome- driven security dashboard provides regular, near real- time compliance and risk metrics to senior management and stakeholders like IT Managers Countries and the Core Security Community.
- Security- related projects successfully integrate security controls, requirements for SOC use cases, and robust risk assessments.
- Security exceptions are properly managed, documented, approved, tracked, and minimized
- Security policies and controls are consistently applied, up- to- date, and verified across the organization
- A comprehensive and compliant security governance framework is established and maintained
- Third- party vendor risks are assessed and managed, with their security practices aligned to organizational policies
