GRC
Description:
Job Purpose:
Responsible for establishing and maintaining a comprehensive cybersecurity governance framework, effectively managing security risks, promoting security awareness, and ensuring adherence to all relevant regulations, standards, and policies.
Main Responsibilities:
1. Develop, formalize, and continuously optimize security policies, procedures, and guidelines to ensure alignment with industry standards and evolving cybersecurity threats.
2. Ensure compliance with standard security frameworks, including ISO 27001 and NIST standards.
3. Implement the Third-Party Risk Management (TPRM) framework and perform third-party contract reviews to evaluate vendor security posture and ensure alignment with organizational security requirements.
4. Monitor and manage the lifecycle of the security risk register and exceptions to ensure timely review and remediation.
5. Develop and execute a security culture program for all employees, critical users, and critical third parties to promote a strong security culture and ensure compliance.
6. Support the administration and tracking of security budget utilization to ensure effective and timely execution.
Employment Status:
Permanent (P)