- Implement risk management processes and capability to enable continuous monitoring of control effectiveness and key risk indicators.
- Identify, assess, and prioritize security risks associated with the group's information assets, systems, and services.
- Develop and implement security risk mitigation strategies and control measures to protect critical assets and sensitive information.
- Evaluate and manage cybersecurity risks associated with third-party vendors and service providers.
- Collaborate with procurement and legal teams to ensure that vendor contracts include appropriate security requirements.
Policy & Compliance Management
- Develop, review, and update information security policies, standards, and procedures aligned to security strategy, relevant regulations, and industry best practices.
- Collaborate with cross-functional teams, service providers and other stakeholders to ensure consistent enforcement of policies and monitor compliance.
- Ensure the organization's adherence to applicable compliance frameworks, the internal control framework, and guidelines set out by the Information Security department.
- Facilitate and lead governance and risk committee meetings to ensure consistent application of security standards and policies across all projects, technology platforms and services.
Security Audits and Assessments
- Conduct regular security audits and risk assessments to identify vulnerabilities and consistently improve the organization's overall security maturity.
- Coordinate penetration testing and vulnerability assessments, interpreting results and driving remediation efforts.
- Prepare and present regular reports on security risk, compliance status, and security posture to senior management and relevant stakeholders.