Security & Compliance Strategist

About Role:

In this highly visible role, you will work with multiple stakeholders within GrabPay to establish traceability and accountability from risks to controls, then to the capabilities that enforce and/or measure compliance to those controls, and on down to the measures of that compliance.
Working with different functional teams, define and implement process and tools to govern security compliance and alignment to industry standards like PCI DSS and SEA regulatory requirements as well as Grab’s policies and standards.
Working reciprocally with multi-functional stakeholders, ensure that visibility into compliance to policies is made available in automated and scalable fashion, including an automated, continuous process for measuring & reporting security compliance whose outputs can be shared with Business leads and management.
You will monitor issues regarding compliance coverage and effectiveness, and use the results to inform management on maturity and resolution processes.
Collaborate with security teams within Grab to find opportunities for enhancing our compliance framework and processes, and make improvement recommendations based on your thorough analysis of the different business processes.
Develop and build critical dashboards, reports, and dimensional models, including both ad-hoc and pre-defined reports that can be consumed by key partners.
Maintain a rigorous internal review & compliance schedule to support strategic business objectives.
Perform Vendor security reviews
Ensure the Confidentiality, Integrity, and Availability of Grab & customer data
Review, define, & document standard operating procedures & protocols.
Advise & consult on technology audit & compliance solutions
Provide input on policies, practices, and procedures throughout the Cloud security infrastructure.


About you:

Passionate about policy, compliance, information security, and automation.
Degree (or equivalent) in a related discipline.
4+ years of experience in information security, security policy, compliance and/or audit,
Working knowledge of one or more compliance standards (e.g. ISO 27001/2, GPDR, PCI DSS, Sarbanes-Oxley, etc)
Worked on any of these regulatory requirements such RBI, MAS TRM, BNM MY etc.
Preferred Experience of GRC tools such as Zen GRC or others
Working knowledge on Cloud AWS / Azure
Preferred Information Security Certification Such As CISSP, CISM, CISA, CRISC
Self-driven individual, demonstrating continuous learning and creativity, and naturally collaborative.
You excel at solving complex problems with analytical skills; you back up your recommendations with strong data.
You possess exceptional business judgement, prioritization, and social skills.
You thrive in a fast-paced, dynamic and multi-cultural business environment and you can work with a range of sensitive and confidential issues.
You have a proven track record of effectively interacting with senior management.