Security GRC Assistant Manager

Paradigm

Singapore

On-site

SGD 80,000 - 100,000

Full time

Yesterday

Job summary

A leading security consulting firm in Singapore is seeking an Assistant Manager - Security GRC to enhance and implement security compliance frameworks. The role requires a balance of strategic leadership in compliance initiatives and hands-on experience in risk management, with a strong focus on communication and stakeholder engagement. Candidates should have at least 4 years of experience and a relevant degree. Professional certifications will be advantageous.

Qualifications

  • Minimum 4 years of experience in Security Risk Management or a similar role.
  • Demonstrated experience architecting compliance programs.
  • Professional certifications such as CISA, CISSP, CISM, or CRISC are preferred.

Responsibilities

  • Drive the strategy, design, and implementation of compliance frameworks.
  • Own the third-party risk management program.
  • Lead internal and external security assessments.

Skills

Security Risk Management
Governance & Compliance
Analytical problem-solving
Stakeholder communication

Education

Bachelor’s degree in Computer Science or related field

Tools

MAS Technology Risk Management Guidelines
NIST Cybersecurity Framework
ISO 27001/27701
SOC 2
GDPR

Job description

Assistant Manager - Security GRC

Overview:

We are seeking an experienced Security GRC Specialist to lead our compliance initiatives. In this role, you will be the subject matter expert responsible for implementing and maturing our security compliance framework. You will ensure our security posture not only meets but exceeds industry best practices and complex regulatory standards, directly contributing to the trust and security our clients place in us.

Key Responsibilities:

  • Strategic Compliance Leadership: Drive the strategy, design, and implementation of a comprehensive compliance framework. Lead initiatives for achieving and maintaining certifications such as ISO 27001, ISO 27701, and SOC 1/2 reports.
  • Risk Management & Assurance: Own the end-to-end third-party risk management program. Act as the primary point of contact for all regulatory and client-driven due diligence, leading responses to security assessments and audits.
  • In-depth Control Assessment: Lead and perform internal and external security and control assessments. Report findings to senior leadership, providing strategic recommendations and driving remediation efforts to mitigate risks effectively.
  • Process Architecture & Enhancement: Proactively identify and assess emerging risks and compliance requirements. Architect process enhancements to ensure our security controls remain robust and effective against evolving threats.
  • Stakeholder Influence & Advisory: Serve as an advisor to technical and business stakeholders. Provide expert guidance on compliance implications for new products and business initiatives, ensuring security is embedded from the outset.

Qualifications:

  • Bachelor’s degree in Computer Science, Information Systems, or a related technical discipline.
  • At least 4 years of progressive experience in Security Risk Management, Governance & Compliance, or a similar role.
  • Demonstrated, in-depth experience architecting and managing compliance programs against frameworks such as MAS Technology Risk Management (TRM) Guidelines, NIST Cybersecurity Framework, ISO 27001/27701, SOC 2, and GDPR.
  • Professional certifications such as CISA, CISSP, CISM, CRISC, or equivalent are highly desirable.
  • Proven ability to lead complex projects, with exceptional analytical and strategic problem-solving skills.
  • Excellent communication, negotiation, and influencing skills, with the ability to articulate complex concepts to both technical and non-technical audiences.