
Generali Malaysia

Manager Information Security Governance, Risk & Compliance

  • Posted 25 days ago

Job Description

Job Scope / Position Summary


The Manager, Information Security GRC (Governance, Risk & Compliance) provides senior leadership and direction to all security GRC-related initiatives, in addition to providing strategic input to the security strategy and roadmap. The position is hands-on and requires tactical management of the security GRC processes, frameworks, and tools, working with a team of security professionals. The position also requires an in-depth knowledge of the regulations (e.g., RMIT, GPIS) and best security practices (e.g., NIST, ISO) applicable to the financial industry.

It is essential that the candidate be able to demonstrate practical and in-depth knowledge of security GRC practices and processes, including the use of GRC tools such as Archer. The position also assists with the development of capital and operating funding requirements for all security GRC programs and projects as part of the annual budget process and monthly financial reporting.

The ideal candidate is a leader of people and provides mentoring and coaching to their team of security professionals to ensure they perform optimally and are able to achieve their professional goals. Furthermore, the Security GRC Manager is a strong collaborator with the CISO, all the security team members, and across the organization.

Main Responsibility

  1. Contribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyse trends in security events, activities
  2. Manage any security business practice irregularities, violations and infractions including exceptions, risk memos, security position memos
  3. Prepare annual detailed plans for security reviews/audits and any other compliance tasks required internally or externally
  4. Transform the Technical security Management policy area to be risk based meeting all GRC requirements
  5. Gain and sustain a broad in-depth knowledge of security control, compliance, and auditing frameworks and apply these to the leadership of Information Security projects and processes
  6. Consult and advise regarding security compliance requirements pertaining to applicable laws, regulations, and other governance requirements
  7. Conduct ongoing risk assessments and develop and execute risk-response plans to address high-risk areas. Measure, report, and explain IT risks to stakeholders
  8. Own, assess, create, and update Information Security policies, standards, and controls, and support P&G in effectively implementing these across the global IT organization
  9. Manage policy strategy, development, deployment, training, enhancement, and maintenance across the policy lifecycle and align top priorities with Information Security Leadership
  10. Collaborate with IT Operations Teams to ensure alignment to controls and procedures. Consult with cross-functional stakeholders on risks relevant to their processes
  11. Monitor the effectiveness of security controls and identify gaps in compliance. Analyse control measurements for negative trends and reoccurrence frequency
  12. Lead Information Security projects and initiatives that improve compliance across the organization
  13. Collaborate with internal/external auditors on compliance audits, audit findings, and issue remediation
  14. Build IT risk awareness by providing support and training to others.

Qualification and Experience Requirement

  • Bachelor's degree (or equivalent) in IT
  • 7 to 10 Years IT Experience
  • Possess at least 8 years of working experience related to information security practices, particularly GRC domains.
  • Strong experience in technology controls review, risk assessment, policy review and control review type of engagements with clients of different nature and industry
  • Holder of security assessor certificates will be an added advantage.
  • Possession of information security certifications, such as CISA/CISM/CRISC/CISSP
  • Project management experience highly preferred
  • Have good written communication and report writing skills


Job ID: 140258035
