Information Security Governance, Risk

**Summary**

Working as part of the information security office within the IT department at Pacific Prime CXA, the GRC (Governance, Risk and Compliance) Manager will be responsible for leading the day-to-day IT compliance, data governance and IT risk management functions. Primary responsibility will include defining, creation, management and maintenance of IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security controls and practices.

**Responsibilities**
- Establishing corporate information security policies, standards, guidelines, baselines and practices that protect the integrity and confidentiality of information and network infrastructure.
- Develop procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
- Proactively identify audit and compliance related issues to reduce the risk of security exposures, gaps in the design and operating effectiveness of controls whilst seeking opportunities for continuous improvement.
- Driving IT security programs in line with internal and external standards and ensuring compliance with in-country regulatory requirements.
- Maintaining oversight to enterprise-wide security technologies, actively monitoring & responding to security events.
- Develop and maintain standards and controls to ensure the protection of data based on classification.
- Work directly with business units to identify critical data and ensure appropriate data classification and protection standards are implemented.
- Manage the attestation program for all IT controls to support assurance and alignment across all information security stakeholders.
- Support internal and external audit process for relevant compliance concerns including PDPA, GDPR, MAS TRM, ISO27001, etc.
- Perform and evaluate information security risk assessments for various information systems and processes, including annual penetration tests.
- Develop, monitor, track and report against IT Security metrics and KPIs that help the IT Infra understand threats, vulnerabilities and risks associated with protecting information across the enterprise and plans to mitigate those risks.
- Develop and maintain the IT Risk Register to support ongoing tracking and management of all identified risks and issues and to ensure adequate and timely resolutions to all audit/review issues relating to security.
- Lead the development and operation of third-party vendor risk assessment, management and due-diligence program.
- Conduct client meeting and drive all the questions arising from client relationship teams. This includes completing client’s info security questionnaires and liaising with clients on all such requirements within tight deadlines.
- Formulate, lead and communicate security goals and objectives based on an integrated understanding of business priorities, security vision and strategy.
- Providing security related support to IT and business team users and facilitate recommendations on future technical trends/directions that encompass multiple systems and teams to meet business critical initiatives.
- Point of contact to assist and advise on Information Security related matters

**Requirement**
- BSc in Computer Science or equivalent; with 5+ years of relevant working experience in IT governance, risk, and compliance management.
- ISACA / CISM / CISSP Certification.
- Strong understanding of fundamental information security concepts and technology.
- Familiarity with ISMS and security frameworks, particularly NIST Cybersecurity Framework.
- Experience in security design, threat modelling and risk assessments.
- Ability to be self-motivated, flexible and be able to drive and manage multiple tasks and priorities on very tight deadlines in a fast paced and rapidly changing environment.
- Strong interpersonal and collaboration skills with the ability to develop, maintain and foster constructive relationships with others.
- Excellent written and oral communication skills.
- Effective communication and analytical skills
- Strong work ethic with attention to detail.