IT GRC Manager

IT Governance, Risk & Compliance (GRC) Manager In this position, you will join the IT GRC team to perform IT governance, risk management and compliance functions, reporting to the Head, IT VMO & GRC within the Information Services division (IS). As a GRC Manager, you will play a pivotal role in ensuring the organization adheres to regulatory and internal policies, managing risk, and maintaining a robust governance framework. Your responsibilities will involve assessing and mitigating risks, monitoring compliance with applicable laws and regulations, and assisting in the development of strategies to enhance governance practices. The role offers direct interaction with senior management in business, IT, and vendors. Responsibilities Identify potential risks and vulnerabilities within IS operations, processes, IT applications, and IT infrastructure. Conduct risk assessments to evaluate the impact and likelihood of various risks. Develop strategies and plans to mitigate identified risks and minimize their potential impact. Stay updated on relevant laws, regulations, and industry standards that impact IS operations. Ensure IS complies with all applicable regulations, ranging from data privacy and cybersecurity to industry-specific requirements. Implement and monitor compliance programs, policies, and procedures. Contribute to the creation and maintenance of IT policies and procedures that guide IS behavior and practices. Collaborate with legal and compliance teams to ensure policies align with regulatory requirements. Regularly monitor IS activities and processes to detect deviations from established policies and regulations. Conduct internal audits to assess the effectiveness of controls and identify areas for improvement. Prepare audit reports and provide recommendations to enhance compliance and risk management efforts. Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to governance standards. Develop and deliver training programs to educate employees about compliance standards, risk management practices, and ethical behavior. Foster a culture of compliance by promoting awareness and understanding of IT GRC principles across IS. Prepare and distribute regular reports to management and stakeholders summarizing risk assessments, compliance status, and recommendations for improvement. Identify opportunities for enhancing governance processes and recommend improvements to reduce risk exposure and enhance operational efficiency. Qualifications 5 to 7 years' experience in IT governance, risk management or compliance in a regulated industry. Relevant certifications (e.g., CISA, CRISC, GRCP, GRCA) are an added advantage. Experience in the telecommunication/technology industry and associated regulations is a plus. Strong knowledge of regulatory frameworks, industry standards, and best practices related to IT GRC (e.g., PDPA, Cybersecurity Act, NIST, PCI DSS, ISO 27001, COBIT, ISAE 3000/SOC 2). Understanding cloud computing, information security, cybersecurity practices, and data protection principles. Exceptional analytical skills and the ability to assess complex risks and provide practical solutions. Prior experience in Archer GRC solution. Excellent communication and interpersonal skills to work effectively with cross‐functional teams and external stakeholders. Detail‐oriented with a commitment to maintaining the highest standards of integrity and ethics. Strong organizational skills and the ability to prioritize and manage multiple tasks efficiently. Adaptability and the capability to stay current with evolving regulations and industry trends. Results‐oriented, meticulous, and resourceful. Excellent team player, self‐driven, and able to work under pressure. Seniority Level Mid‐Senior level Employment Type Full‐time Job Function Information Technology Industries Telecommunications #J-18808-Ljbffr