MANAGER, Security Governance, Risk & Compliance- Job Scope / Position Summary
The, Information Security GRC (Governance, Risk & Compliance) provides senior leadership and direction to all security GRC-related initiatives. In addition to providing strategic input to the security strategy and roadmap. The position is hands-on and requires tactical management of the security GRC processes, frameworks, and tools working with a team of security professionals. The position also requires an in-depth knowledge of the regulations (e.g., RMIT, GPIS, ) and best security practices (e.g., NIST, ISO) applicable to the financial industry.
It is essential that the candidate be able to demonstrate practical and in-depth knowledge of security GRC practices and processes including the use of GRC tools such as Archer. The position also assists with the development of capital and operating funding requirements for all security GRC programs and projects as part of the annual budget process and monthly financial reporting. The ideal candidate is a leader of people and provides mentoring and coaching to their team of security professionals to ensure they perform optimally and are able to achieve their professional goals. Furthermore, the Security GRC Manager is a strong collaborator with the CISO, all the security team members, and across the organization.
Contribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyse trends in security events, activities- Manage any security business practice irregularities, violations and infractions including exceptions, risk memos, security position memos
Prepare annual detailed plans for security reviews/audits and any other compliance tasks required internally or externally
- Transform the Technical security Management policy area to be risk based meeting all GRC requirements
Gain and sustain a broad in-depth knowledge of security control, compliance, and auditing frameworks and apply these to the leadership of Information Security projects and processes- Consult and advise regarding security compliance requirements pertaining to applicable laws, regulations, and other governance requirements
Conduct ongoing risk assessments and develop and execute risk-response plans to address high-risk areas. Measure, report, and explain IT risks to stakeholders
- Own, assess, create, and update Information Security policies, standards, and controls, and support P&G in effectively implementing these across the global IT organization
Manage policy strategy, development, deployment, training, enhancement, and maintenance across the policy lifecycle and align top priorities with Information Security Leadership- Collaborate with IT Operations Teams to ensure alignment to controls and procedures.
Consult with cross-functional stakeholders on risks relevant to their processes
- Monitor the effectiveness of security controls and identify gaps in compliance. Analyse control measurements for negative trends and reoccurrence frequency
Lead Information Security projects and initiatives that improve compliance across the organization- Collaborate with internal/external auditors on compliance audits, audit findings, and issue remediation
Build IT risk awareness by providing support and training to others.
- Qualification and Experience Requirement
Education : Bachelor's degree (or equivalent) in IT
Experience : 7 to 10 Years IT Experience
Skills :
- Possess at least 8 years of working experience related to information security practices particularly GRC domains.
Strong experience in technology controls review, risk assessment, policy review and control review type of engagements with clients of different nature and industry
- Holder of security assessor certificates will be an added advantage.
Possess of information security certifications, such as CISA/CISM/CRISC/CISSP- Project management experience highly preferred
Have good written communication and report writing skills
Job Type: Full-time
Pay: RM9,
- 00 - RM11,000.00 per month