Aeries Technology

Lead - GRC

Job Description

Responsible for governance, risk, compliance, ISO policies, audits and process maturity.
Key requirements -
  • Implement security controls, risk assessment framework, and program that align to best practices and regulatory requirements.
  • Assist with implementation of ISMS across the organisation's entities.
  • Good understanding of the security technologies such as DLP, NGAV, EDR, CASB, Firewall, Proxy, Email ATP, WAF etc
  • Well versed with well-known security frameworks such as ISO 27001:2013 / NIST CSF / PCI DSS / ISO 22301 / STRIDE / MITRE etc
  • Ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
  • Assess efficacy of security controls, document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
  • Ensure third party security assessments - Assist with Third Party Risk Management framework including policy updates, procedures, due diligence questionnaires and the monitoring of third parties' adherence to information security and data privacy obligations.
  • Develop relevant metrics, analyse data, identify trends and help drive improvements to the control environment.
  • Remain current on best practices and technological advancements
  • Drive security awareness program across the organisation
Knowledge:
  • Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations
  • Well versed with well-known security frameworks such as ISO 27001:2013 / NIST CSF / PCI DSS / ISO 22301 / STRIDE / MITRE etc
  • Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols
  • Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, etc
  • Good understanding of the basic security technologies such as DLP, NGAV, EDR, CASB, PIM/PAM, Firewall, Proxy, Email security, Cloud Security, WAF etc
  • Information systems auditing, monitoring, controlling, and assessment process
  • Incident response management
  • Risk assessment and management methodology
Skills:
  • Strong security mindset
  • Developing and implementing enterprise governance, risk, and compliance strategy and solutions
  • Questions status quo and navigates through roadblocks
  • Security project management and planning
  • Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions
  • Using judgment and ingenuity in maintaining objectives and technical standards

Ability:

  • Self-motivating and able to work under own initiative.
  • Professional with a strong work ethic.
  • Able to thrive in a highly pressurised and changing environment.
  • Diplomatic with the ability to interact successfully with all levels of the business.
  • An ability to translate security requirements and standards into easily understood business concepts and vice versa.
Qualification:
  • Must have GRC experience for at least 10 - 15 years.
  • Experience of leading an ISMS as part of an ISO27001 certified programme.
  • Excellent interpersonal skills, comfortable working at all levels within an organisation and in a wide variety of situations.
  • Relevant industry certification such as ISO 27001 Lead Auditor, CISSP / CISA / CISM / CCSP etc (at least two) is highly desirable.
  • Broad level of knowledge of security and risk issues and techniques across platforms.

Date Posted: 21/07/2024

Job ID: 85859413

Last Updated: 22-11-2024 07:49:56 PM