Security & Compliance Strategist

Get to know our Team:

The information security team at Grab is passionate about solving every security challenge to build the team’s capabilities to enhance Grab’s growth. These security challenges lie in areas from internal and external cybersecurity to data privacy, we work to ensure quality, bug free code. We design programs to catch threats and remove them - to help Grab build for scale. We are here to help every single driver and passenger stay safe.

Get to know the Role:

Grab is seeking a Security and Compliance Strategist, Third Party Risk to join the team! You will work within the infosec team to ito support the ongoing development of information security and risk management initiatives . The successful candidate will also be required to assist with ongoing security risk assessments of our third parties across Grab South East Asia.

The day-to-day activities:

• Utilize integrated security risk management framework to evaluate third parties
• Assist with the scheduling and tracking of new and existing third party assessment activity across the organization.
• Implementing overall third party security risk management process for the organization Performing a risk assessment: Analyzing current risks and identifying potential risks that will affect the company.
• Performing a risk evaluation: Evaluating the company's previous handling of risks, and comparing potential risks with criteria established by the
• Risk reporting tailored to the relevant audience. (Educating about the most significant risks to the business; ensuring appropriate individuals understand the risks that might affect their departments; ensuring individuals understand their own accountability for individual risks)
• Provide third-party assessment and risk metrics on a regular basis.
• Documenting and explaining the external risk posed to stakeholders.
• Evaluating the technical security architecture of the engagements with third parties
• Work with third parties to create mitigation plans and monitor/track the plans to completion.
• Building risk awareness amongst employees by providing support and training within the company.
• Identification and delivery of process improvements

The must haves:

• At least 4-5 years' experience working within IT, IT Audit, information security risk, governance, compliance or similar department is highly desirable.
• Knowledge of Information Security and business continuity is highly advantageous.
• CISSP,CISA preferred
• A basic understanding of NIST CSF, ISO27001/2 and SOC1/2, ISAE/SSAE16.
• Good attention to detail supported by strong communication skills (both written and verbal) are a must.
• Understanding of systems architecture, infrastructure, security and applications
• Ability to align risk issues to business solutions is key.