Job Summary
Company Name
About the Business & Position Overview
G&B GRC Program Support
Job Profile
Key Responsibilities
G&B GRC Program Support
Compliance Management
Risk Management
Job Description
- Implement security controls, risk assessment framework, and program that align to best practices and regulatory requirements.
- Assist with implementation of ISMS across the organisation entities.
- Assess efficacy of security controls, document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
- Ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
- Be well versed in well-known security frameworks such as ISO 27001:2013 and 2022 / NIST CSF / ISO 22301 / STRIDE / MITRE etc.
- Develop relevant metrics, analyse data, identify trends and help drive improvements to the control environment.
- Remain current on best practices and technological advancements.
- Drive the security awareness program across the organisation.

Qualification Details
Essential Qualification:
- Graduate in any discipline (preferably in IT / Computer Science)
- Broad level of knowledge of security and risk issues and techniques across platforms.
- Excellent knowledge of methodologies, processes and tools associated with supporting this function effectively.
Preferred Qualification: same as above
Experience Details
Essential Experience:
- Must have GRC experience for at least 2-3 years.
- Experience of leading an ISMS as part of an ISO27001 certified programme.
- Excellent interpersonal skills, comfortable working at all levels within an organisation and in a wide variety of situations.
Preferred Experience: same as above
Special Skill
Essential: Relevant industry certification such as ISO 27001 Lead Auditor, CEH / CISA / CCSP etc. (at least one) is highly desirable.
- Strong security mindset
- Developing and implementing enterprise governance, risk, and compliance strategy and solutions
- Questions status quo and navigates through roadblocks.
- Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions
- Using judgment and ingenuity in maintaining objectives and technical standards
- Strong communication skills and stakeholder management
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, etc.

Preferred: same as above