Job Description

Lead IT Security GRC

Job Summary: Document, monitor and improve the effectiveness of IT operating controls, risk management, and governance processes for Information Security. Participate in or lead audits from external regulators and internal functions including tracking deliverables, tasks, and corrective actions; perform assessments to identify continuous improvements; ensure compliance with regulations, company policies and IT controls; coordinate the audit processes including preparing, hosting, and then reviewing, analyzing, and reporting findings internally; track remediation to ensure follow up until closure; and compile and report on regional IS compliance-related KPIs. Specific Responsibilities Include:

• Define, plan and manage Information Security assessments and activities across APAC sites
• Ensure compliance with regulatory requirements and internal policies, and report on compliance gaps and design and lead remediation plans to address identified gaps
• Ensure successful internal and external audits and certifications for IT
• Act as single point of contact and prepare for audit by researching materials, formulating a plan of action, and identifying and preparing SMEs and evidence.
• Support external auditors by coordinating information requirements.
• Ensure compliance with regulations and controls by examining and analyzing records, reports, operating practices, and documentation; recommend opportunities to strengthen internal control structure and compliance
• Evaluate new products and services to determine compliance with laws and regulations by which GlobalFoundries must abide and best practices
• Perform and document security assessments by documenting evaluation methods and findings, for example, system security plans with plan of action and milestones.
• Communicate assessment progress and findings by preparing presentations, facilitating meetings, and providing information through various means.
• Develop, review and revise IT policies, procedures, and standards
• Help lead IT risk assessment and treatment program, including identification of risks and ensuring implementation of mitigating controls and mapping to authoritative sources and projects
• Enhance Information Security compliance department and organization reputation by accepting ownership for accomplishing new and different requests and projects and exploring opportunities to add value to the team
• Assist in globalization and alignment of Information Security compliance
  

Required Qualifications:

• Experience leading / working with ISO 27001 audits and programs
• Experience leading / working with NIST frameworks and special publications
• Minimum 5 years’ experience in one or more of the relevant disciplines: IT, Information Security, Operational Audit, Compliance
• Bachelor’s Degree in Computer Science, Information Systems, Information Security, or equivalent experience
  

Preferred Qualifications:

• IIA/CISA certified
• Certifications in COBIT, ISO, and other pertinent professional certifications in computer technology, auditing, compliance or related areas
• Certification or experience in project management
• Prior experience with SOX, GDPR
• Experience working with Risk Management
• Attention to detail
• Team player
• Strong ability to drive execution and meet strict deadlines
• Results Oriented
• Ability to communicate effectively with all levels of personnel
• Accountability
• Analytical Thinking
• Continuous Process Improvement
• Problem Solving
• Technical Expertise, e.g. COBIT
• Working knowledge of ServiceNow

Information about our benefits you can find here: https://gf.com/about-us/careers/opportunities-asia GLOBALFOUNDRIES is an equal opportunity employer, cultivating a diverse and inclusive workforce. We believe having a multicultural workplace enhances productivity, efficiency and innovation whilst our employees feel truly respected, valued and heard.
As an affirmative employer, all qualified applicants are considered for employment regardless of age, ethnicity, marital status, citizenship, race, religion, political affiliation, gender, sexual orientation and medical and/or physical abilities.
All offers of employment with GLOBALFOUNDRIES are conditioned upon the successful completion of background checks, medical screenings as applicable and subject to the respective local laws and regulations.