Governance Risk and Compliance Specialist

We are seeking a Compliance Governance Specialist to lead our organization's Governance, Risk, and Compliance (GRC) strategies and processes. As the primary GRC authority, you will work closely with other partners such as Legal, Risk, Internal Audit, etc. to ensure alignment of our IT and Enterprise risk management framework with business objectives and regulatory requirements.

• About the Role:
  • This is an exciting opportunity for a Compliance Governance Specialist to join our team and contribute to the development and implementation of effective governance, risk management, and compliance strategies.
  • You will be responsible for identifying, tracking, and addressing potential risks while proactively improving our overall GRC posture.
• Main Responsibilities:
  • Third Party Risk Management:
    • Act as local point of contact for IT Third Party Risk Management Program.
    • Maintain chosen GRC platform to programmatically capture Cyber/IT risks, timely analysis to enable risk control and reporting.
    • Implement security controls, risk assessment framework, and program that aligns to regulatory requirements, chosen frameworks, and other internal requirements through collaboration with other key department partners.
    • Develop performance measures, dashboards, and evidence artifacts.
  • Policy and Procedure Management:
    • Develop, maintain, and supervise implementation and adherence to regional Cybersecurity and GRC Policies and Processes to ensure compliance with applicable laws, regulations, and chosen industry standard frameworks including communications and training.
    • Collaborate with partners from other core organizations (e.g., Legal, Audit) to ensure Cybersecurity and GRC components are accounted for in collaborative enterprise-wide policies, and processes.
    • Define and detail security processes responsibilities and ownership of the controls in GRC tool.
    • Schedule regular assessments and testing of effectiveness and efficiency of controls and build reports.
  • Audit and Compliance Management:
    • Assist with all global regulatory and compliance assessments to include ISMS, MLPS, GDPR, SOX, NIST CSF, and PCI.
    • Develop and implement controls and documentation for all applicable security and/or privacy regulations within the APAC region.
    • Coordinate with internal and external auditors to facilitate audits, with the goal of assuring IT and Enterprise compliance and addressing potential issues proactively.
    • Guide IT and other Enterprise organizations to successfully achieve required compliance.
    • Work with partners and Subject Matter Authorities on deficiency remediation as a result of audit or internal control findings.
  • Risk Management:
    • Responsible for maintaining the Cybersecurity Risk Register and collaborating with other Risk collaborators throughout the enterprise for inclusion in overall risk reporting.
    • Work with business owners of known risks for remediation or compensating controls for policy adherence.
    • Facilitate documentation and approval process for Risk Acceptance, in accordance with Cybersecurity policy and applicable frameworks.

Key Skills and Qualifications:

• Proven experience in Governance, Risk, and Compliance (GRC) functions.
• Strong knowledge of IT and Enterprise risk management frameworks and regulations.
• Excellent communication and interpersonal skills.
• Able to work collaboratively in a team environment.

Benefits:

• Opportunity to work in a dynamic and fast-paced environment.
• Chance to develop and implement innovative GRC strategies and solutions.
• Professional growth and development opportunities.

Others:

• We offer a competitive salary and benefits package.
• We are committed to diversity and inclusion in the workplace.