Compliance and Regulatory Risk Lead

Purpose of the Role:

K2 is an international developer, owner and operator of hyper-scale digital infrastructure assets. We are the specialists in providing critical digital infrastructure in the form of Data Centre environments to leading technology companies, we lay the physical foundations of the internet, cloud services and tomorrow's digital solutions, today.

We are seeking a highly skilled professional to lead our compliance and regulatory risk initiatives. The ideal candidate should excel in financial, operational, and IT audits while possessing strong project management skills. This role will involve developing and overseeing a comprehensive Governance, Risk and Compliance (GRC) program, managing change processes, and leading external engagements.

Responsibilities

1. Audit and Risk Management:

   • Develop and oversee a comprehensive Governance, Risk and Compliance (GRC) program that aligns with industry best practices and regulatory requirements.

   • Lead the planning, coordination, and execution of internal audits and external (non-statutory) reviews, including ISO27001, SOC 2 Type 2, ISO14001 and ISO45001. Collaborate closely with auditors and internal stakeholders to ensure smooth, timely processes and accurate documentation.

2. Issue Resolution & Remediation:

   • Review audit findings and work with process owners to develop robust action plans. Monitor the timely and effective implementation of corrective measures.

   • Lead and support investigations related to compliance breaches or governance failures by identifying root causes of issues and quantifying potential financial, operational, and reputational risks.

   • Develop recommendations that effectively mitigate identified risks and follow up in a timely manner.

3. Training & Awareness:

   • Champion the development and delivery of training programs for employees to build awareness on risk control and embed a risk-conscious mindset throughout the organization.

   • Conduct regular assessments and updates to ensure training materials remain current and relevant.

4. Stakeholder Engagement:

   • Engage with key stakeholders, including external partners, regulatory bodies, and internal departments, to ensure seamless collaboration and compliance adherence.

   • Present findings and recommendations at executive level meetings to drive strategic decision-making.

Working Environment:

• Primarily office-based with regular collaboration across departments and regions.

• Approximately 15-20% overseas travel is expected.

Interpersonal Requirements

• Excellent communication, negotiation and interpersonal skills.

• Systematic and structured approach with the ability to work independently and build strong relationships with key stakeholders.

Skills set and Qualifications Requirements

• Minimum of 12 years’ relevant working experience with proven experience in supervisory positions. Relevant exposure to the data center industry will be an advantage.

• Bachelor's Degree in Information Technology, Business, or related fields.

• Possess professional certification or audit qualification such as Certified Internal Auditor (CIA), Chartered Accountant (CA), Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).

• Strong understanding of complex business processes, their related risks, and controls. Ability to recommend opportunities for control improvements.

• Excellent leadership skills, able to effectively lead engagements and deliver impactful work in a fast-paced environment.