Job Description:
We are looking for an experienced professional to lead our security compliance initiative at Grab. In this role, you will be responsible for designing, implementing, and managing IT security controls throughout the company and ensuring compliance with appropriate internal and external regulations. This position requires hands-on experience providing information security services including policy management, compliance with ISO 27001, PCI DSS, TRM and other regulatory requirements, risk management, and auditing
Responsibilities:
- Manage the end-to-end security governance, risk, and compliance ecosystem to ensure security risks are adequately mitigated over time
- Partner with the CISO leadership team to set and drive a comprehensive, multi-year security vision and strategy enterprise-wide
- Set and manage enterprise security policies, technical standards, exceptions, and mitigating controls
- Partner with internal stakeholders, such as Internal Audit, to redesign and implement an integrated Enterprise Risk Management (ERM) program
- Own and manage a tailored security control framework that addresses Grab’s business risks and achieves industry standards and regulatory compliance requirements as a secondary benefit
- Partner with internal stakeholders to oversee and manage Vendor Risk Management (VRM) and Business Resiliency programs
- Manage a continuous control audit and enterprise security testing program to expeditiously identify and resolve control deficiencies
- Oversee an enterprise-wide security awareness and training program
- Lead and manage a results-driven, high-performing team focused on business-enabling security
- Communicate policies and procedures to stakeholders inside and outside the company
- Develop and direct implementation of security standards and best practices for the organization
- Identify potential risks, threats, and vulnerabilities present in the environment and provide guidance for appropriate security controls for their mitigation
- Ensure compliance with appropriate internal and external regulations
- Monitor, manage and assign IT security and compliance efforts
- Manage and coordinate efforts in support of external audits and assessment activities
- Provide audit response and ongoing guidance on solutions to achieve and maintain security compliance, to mitigate information security risks and to correct compliance exposures and gaps
- Develop security and compliance policies and procedures
Qualifications
- Bachelor's degree in computer science, Information Technology or other technical field required
- Information Security professional certification; e.g., CISM, CISA, CISSP
- 10+ years of experience in technology compliance or security risk management
- Strong knowledge of compliance areas and security frameworks, to include SOC 2–Type 2, CIS CSC, NIST 800-53
- Strong background in cloud security controls, security auditing techniques, general and IT system controls
- Broad strategic and IT risk management experience—e.g., policy definition to control implementation
- Experience working closely with technical engineers and developers
- Extensive knowledge of information security technologies (design, encryption, data protection, privilege access, identity and access management, intrusion detection, forensics, incident management, risk management and auditing)
- Experience with securing virtual environments and cloud-based solutions
- Experience with developing and providing an information security awareness and training program
- Experience with developing and maintaining information security policies and standards
- Strong interpersonal and communications skills; able to work in a collaborative, team-oriented environment
- Strong understanding of governance, risk, and compliance programs
- Able to create, implement, and manage innovative security frameworks and programs
- Strong understanding of emerging technologies and implications on policy and operations
- Proficient in agile/scrum methodologies
