
Generali Malaysia

Manager Information Security Governance, Risk & Compliance

  • Posted 11 days ago

Job Description

Job Scope / Position Summary

The Manager, Information Security GRC (Governance, Risk & Compliance) provides senior leadership and direction to all security GRC-related initiatives, in addition to providing strategic input to the security strategy and roadmap. The position is hands-on and requires tactical management of the security GRC processes, frameworks, and tools, working with a team of security professionals. The position also requires in-depth knowledge of the regulations (e.g., RMIT, GPIS) and best security practices (e.g., NIST, ISO) applicable to the financial industry.

It is essential that the candidate be able to demonstrate practical and in-depth knowledge of security GRC practices and processes including the use of GRC tools such as Archer. The position also assists with the development of capital and operating funding requirements for all security GRC programs and projects as part of the annual budget process and monthly financial reporting.

The ideal candidate is a leader of people and provides mentoring and coaching to their team of security professionals to ensure they perform optimally and are able to achieve their professional goals. Furthermore, the Security GRC Manager is a strong collaborator with the CISO, all the security team members, and across the organization.

Main Responsibility

  1. Contribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyse trends in security events, activities.
  2. Manage any security business practice irregularities, violations and infractions including exceptions, risk memos, security position memos.
  3. Prepare annual detailed plans for security reviews/audits and any other compliance tasks required internally or externally.
  4. Transform the Technical Security Management policy area to be risk-based, meeting all GRC requirements.
  5. Gain and sustain a broad in-depth knowledge of security control, compliance, and auditing frameworks and apply these to the leadership of Information Security projects and processes.
  6. Consult and advise regarding security compliance requirements pertaining to applicable laws, regulations, and other governance requirements.
  7. Conduct ongoing risk assessments and develop and execute risk-response plans to address high-risk areas. Measure, report, and explain IT risks to stakeholders.
  8. Own, assess, create, and update Information Security policies, standards, and controls, and support P&G in effectively implementing these across the global IT organization.
  9. Manage policy strategy, development, deployment, training, enhancement, and maintenance across the policy lifecycle and align top priorities with Information Security Leadership.
  10. Collaborate with IT Operations Teams to ensure alignment to controls and procedures. Consult with cross-functional stakeholders on risks relevant to their processes.
  11. Monitor the effectiveness of security controls and identify gaps in compliance. Analyse control measurements for negative trends and reoccurrence frequency.
  12. Lead Information Security projects and initiatives that improve compliance across the organization.
  13. Collaborate with internal/external auditors on compliance audits, audit findings, and issue remediation.
  14. Build IT risk awareness by providing support and training to others.

Qualification and Experience Requirement

  • Bachelor's degree (or equivalent) in IT.
  • 7 to 10 years of IT experience.
  • Possess at least 8 years of working experience related to information security practices, particularly the GRC domains.
  • Strong experience in technology controls review, risk assessment, policy review and control review types of engagements with clients of different natures and industries.
  • Holding security assessor certificates will be an added advantage.
  • Possession of information security certifications, such as CISA/CISM/CRISC/CISSP.
  • Project management experience highly preferred.
  • Good written communication and report writing skills.

Compliance (this is a compulsory section)

Ensure compliance with the requirements of local regulations and all other relevant statutory regulations and guidelines, as well as relevant Company, Regional and Generali policies and procedures.

Information Security (IS):

Responsible for defining requirements as regards to information availability, confidentiality, and integrity. Managers must ensure that all staff members (including temporary staff) and providers comply with the relevant security standards.

  • Perform risk analysis to determine risk and potential business impacts.
  • Liaise and coordinate with the Information System Security Manager on all Information System Security activities within the department.
  • Ensure that Information System Security standards and Information System Security guidelines are adhered to within the department.

Data Privacy:

Ensure compliance with Data Privacy laws and regulations, policies, standards, process and procedures implemented by the Company at all times.

Diversity, Equity, Inclusion

Generali is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, gender identity, national origin, veteran or disability status.

At Generali, we believe that it is our differences that make the difference. At the heart of everything we do, we value the fact that we are all human beings, unique in our own ways, bringing different cultures, lifestyles, mindsets, and preferences.

Our commitment is to leverage this Diversity to create long-term value, to be innovative, sustainable, to make the difference for our people, our clients, our partners as well as our communities. We strive to promote a culture where DEI is embedded in how we work and do business every day. All of us around the world are taking actions every day to create an inclusive and accessible workplace, where every person feels empowered to take ownership, to challenge biases and lead the transformation with a human touch.

Job ID: 141994523