Work location: Singapore
Salary:
Industry: IT - Software
Security Compliance Strategist
As a Senior Security Compliance Strategist, you are in a leadership position within the Engineering organization, partnering with Engineering, Product Management, Technical Operations, IT, and Customer Success teams to build and deliver key projects and programs. You will be the point person for clarifying strategic-level goals and outlining the execution plans to achieve them. Employing both a strategic focus and a tactical approach is a must in this role. You will play a critical role in the delivery of a wide range of initiatives, from small, quick wins to lengthy and complex compliance programs. The ideal candidate will have strong program / project management experience in a SaaS/mobile and agile environment.
Key Responsibilities
Manage compliance projects across multiple teams, including operations, IT and development
Develop internal policy and procedure documents to support security compliance initiatives
Perform external & internal security compliance audit activities
Advise internal business stakeholders on risk and compliance requirements and work in cross-functional partnership to help ensure those requirements are met
Clearly explain our security compliance program to third parties, including customers and vendors
Deep experience in information security, data compliance, and risk management
In-depth understanding of all aspects of risk management, data compliance, information security strategy, technologies and tools
Direct experience with successfully implementing and managing an IT GRC tool (e.g., Archer, Modulo, MetricStream, etc.)
Experience with developing and producing security and compliance reporting that is meaningful and actionable for both technical/engineering and executive management audiences
Proven experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities
Direct experience and knowledge of applicable local and federal information technology laws
Solid knowledge and understanding of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
Structure and kick-off continuous and/or time-bound programs within the Engineering organization by clarifying priorities, enabling the execution of deliverables, defining process flows, and providing continuous transparency
Lead Engineering initiatives to obtain industry compliance certifications
Take a hands-on approach and partner with Engineering team leads and managers to implement and adopt processes and procedures in accordance with compliance standards
Lead the introduction of new processes / workflows by creating and bringing proposed solutions to the teams. Work collaboratively to roll out iteratively
Build and maintain alignment across multiple teams for keeping a focus on execution, continuous improvement, and operational excellence
Take a hands-on and proactive approach to unblock progress, introduce efficiencies, and provide workflow solutions
Anticipate and mitigate risks – by having close involvement with teams’ goals and challenges, applying past experience, and keeping in mind the big picture
Desired Skills, Experience & Qualifications
5-10 years of experience in an equivalent risk and technology compliance related role
Familiar with industry compliance standards as they relate to Software as a Service, such as SOC 1 (SSAE16), SOC 2, PCI, SOX, GLBA
Familiarity with Cloud Computing and Software as a Service
Keen attention to detail and accuracy is necessary in order to analyze and finalize documents
Organized, responsive, and able to gain support and consensus with multiple stakeholders
Strong communication skills, both written and oral
Experience working in an agile environment
Led cross-organizational teams to deliver strategic / business level goals, by partnering with Product & Engineering leadership
Big 4 experience or related professional services/consulting background strongly preferred
Certifications such as CISSP, CISA, CISM highly desirable
Bachelor's or Master's in Computer Science or a related engineering field and equivalent experience
Grab Vietnam