The GRC Lead will be responsible for initiating, running, and managing information security governance, risk management, audits, and compliance with SOX and other relevant regulations. The successful candidate is expected to plan, initiate, coordinate, and run the Governance, Risk, and Compliance activities, including running the information security awareness program, producing reports and presenting them to management, coordinating the resolution of outstanding security and IT audit issues, and tracking the overall risk and audit points, to keep the company's security risk at an acceptable level.
This position reports to Senior Director, GIS.
Develop, maintain, and enhance the Information Security Management System (ISMS) in alignment with ISO 27001 and other relevant security frameworks such as NIST CSF and CIS CSC.
Lead and manage the organization's SOX ITGC, ISO 27001, CIS CSC, and NIST CSF programs, ensuring compliance with regulatory requirements and industry best practices.
Monitor compliance with the organization's security policies, standards and procedures among employees, contractors, and other third parties, and drive the necessary corrective actions, including running the relevant infosec awareness training program.
Support and participate in the Enterprise Risk Management, SOX compliance, and personal data protection activities related to IT and information security - work closely with relevant departments and business units to develop the necessary policies and action plans.
Lead and conduct regular information security risk assessments, vulnerability management and security reviews of IT assets, and provide exception/exposure reporting and remediation plans to the Head of GIS, the VP of Finance and the rest of the Executive Leadership Team. Identify and communicate vulnerability and risk exposure to internal employees, key stakeholders, and senior management when deemed necessary.
Review and ensure that proposed new technology solutions and processes comply with the Company's security policies as well as relevant regulations. Provide security requirements for new initiatives and, where necessary, perform and document a gap analysis against those requirements.
Lead and manage the lean GIS GRC team and work closely with key people with security responsibilities in different functions in the IT organization and business units. Where necessary, develop pragmatic security guidelines and operational documents, and review and suggest changes to existing infosec-related processes and procedures to improve the overall security posture of the enterprise.