Governance Risk and Compliance (GRC) Lead

Singapore, Singapore

Job Description

About the Role:

It's an exciting time within Olympus as we shape our IT function into a Global IT operating model. As such, we are seeking to appoint a full-time Governance Risk and Compliance (GRC) Lead to support the Olympus cybersecurity mission. Reporting to the Head of IT Security, the GRC Lead will be accountable for providing oversight of the GRC Task Area and for ensuring effective management, collaboration, and coordination of several key cybersecurity support areas, including the following:

  • IT Security Strategy and projects
  • Policy and Standards Management
  • Enterprise Governance, Risk Management, and Compliance Support
  • Security Compliance, Vulnerability, Risk and Vendor Management Services
  • Data Privacy Management (General Data Protection Regulation 'GDPR', California Consumer Privacy Act 'CCPA')
  • Metrics, KPIs and Dashboard reporting

You will lead the global GRC team, with direct reports in the USA, EMEA, China, Japan and Asia-Pacific, to deliver relevant projects, information and support to the regions. Setting the evaluation standards of the IT security program, the GRC Lead is accountable for developing governance strategy, establishing governance and quality standards, recommending tools and techniques, providing training and support, ensuring compliance globally to drive business value and operational efficiencies, and reporting to leadership.

In addition, the GRC Lead will partner with a region and be the key contact for the regional CIO and local business.
They will be the point person for coordinating any necessary regional incidents and information security & privacy meetings, ensuring that the local/regional laws and regulations that need to be followed are understood and that any regional needs are addressed appropriately with the Global IT Security team.

Furthermore, your role includes the following responsibilities:

  • Security Architecture reviews, Security Operations, IT Security Projects, Compliance, Policies, Controls, Standards, Audits, Global/Regional Regulations, IT budget preparations, Board meetings, CxO reviews and presentations, etc.
  • GRC Capability Areas such as enterprise security risk management, compliance management, policy management, security awareness training, third party risk management, metrics and reporting.
  • Cyber Security strategy, policies, procedures, reporting.
  • Compliance programs, reviews and reporting, ensuring compliance with the changing laws and applicable regulations.
  • Lead the Global GRC teams, employees, contractors and vendors, including hiring and mentoring.
  • Provide training and mentoring to Security team members.
  • IT Security systems - Direct and approve the design of IT Security systems, brief the executive team on IT Security status and risks, including taking the role of champion for the overall strategy and necessary budget. Communicate best practices and risks to all parts of the business, outside IT.
  • Regional support - Ensuring regional teams are appropriately skilled in IT Security, ensuring regional support is available for collaboration with Olympus businesses and MSPs, and providing regional support for any security incidents or operational issues.
  • Manage the GRC tool with updated IT risk register, controls, gaps, remediation and reporting.
  • Coordinate and track all information technology and security related audits.
  • Work closely with other security tower leads, as well as MSPs and business teams, to provide guidance and mentorship, to drive towards a cohesive view of security risk, and to drive open remediation items to closure globally.

About Olympus:

Our purpose at Olympus is to make people's lives healthier, safer and more fulfilling. We do this through innovation. As a technology pioneer, we design and deliver solutions across our Medical division that make a positive contribution to society. Our products are used to capture the medical and diagnostic images of our world, from the microscopic to the endoscopic. They are instrumental for travelling inside the human body to help diagnose, treat and prevent illness. Our commitment to customers and our social responsibility is the cornerstone of everything we do.

Why work at Olympus

At Olympus, we are dedicated to fostering a high-performing culture, a collaborative environment, and enabling everyone to shine. Our common values of Integrity, Empathy, Long-Term View, Agility and Unity form the foundation of our culture and guide our behaviour, where our people feel like they are making a difference every single day. Not only will you benefit from a meaningful, rewarding and challenging career, you will also have access to a range of benefits:

  • A competitive salary package + AWS + Variable Bonus
  • Hybrid work arrangements
  • Health and Wellbeing initiatives (Annual Medical Check-ups, Flu Vaccinations, Dental benefits, and Employee Assistance Programs)

What we are looking for:

You are a proactive, achievement-orientated senior cyber-professional with extensive knowledge and understanding of GRC tools. Your extensive and up-to-date knowledge of cybersecurity and experience in IT projects, evaluation and cybersecurity, combined with extensive team leadership, consultation and communication skills, will support your success in this role.
You will have demonstrated competence in relevant areas, such as:

  • Translating, tracking, and prioritizing information needs and intelligence collection requirements across the extended enterprise.
  • Cybersecurity Risk Management and Support Services, Audit Preparation and Response.
  • International Traffic in Arms Regulations 'ITAR'.
  • Enterprise Cloud Security & Federal Risk & Authorization Management Program 'FedRAMP' (specific to US candidates).
  • NIST, ISO 27001, ITIL, CoBIT, GDPR, JSox, etc.
  • Enterprise Cybersecurity Governance - Policy Support Services, Cybersecurity Training and Awareness Support Services, Cybersecurity Compliance and Vulnerability Management Support Services.
  • Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI)).
  • Service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • Conducting audits or reviews of technical systems.
  • Good working understanding of major business processes, key performance indicators, best-in-class practices, business, and technology trends.
  • Tertiary qualification in a relevant discipline, or suitable professional experience in Computer Science or Business Administration.
  • You will be a team player willing to work on an alternate shift to support the Head of IT Security to cover the global region 24/7.
  • Significant experience leading an IT team.



Job Detail

  • Job Id
    JD1245626
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    $204000 - 240000 per year
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned