Security Governance, Risk and Compliance Lead

Job title: Security Governance, Risk and Compliance Lead

Company: Clarks


Job description: The Security Governance, Risk and Compliance Lead is responsible for the development and operation of security and IT risk and compliance management activities within Clarks. Working with stakeholders around the business, the role will ensure effective controls are in place so that Clarks meets global privacy, financial and other compliance requirements. A central member of the security team, the role will lead on key control areas such as policy development and review and third-party assurance, whilst supporting operational audit and compliance assessments (e.g. PCI DSS, SWIFT, internal and external audits). The role will also assist the Head of Security and IT Risk Management in maintaining the overall IT risk register and in regular risk and security metrics collection, interpretation and reporting.

Responsibilities

- Develops, maintains and embeds policies relating to core security risk areas, enhanced with standards, guidance and other supporting documentation where necessary.
- Designs, operates and maintains Clarks’ third-party security assessment framework, utilizing existing toolsets and integrating it into buying and procurement processes so that a risk-based approach is taken, with key security risks identified and accepted by the relevant business areas as necessary.
- Works with colleagues from Procurement, Sourcing, Operations, Legal and other areas to ensure appropriate security requirements are embedded within overall procurement frameworks and that appropriate agreements and processes are in place to support this.
- Works with IT assurance, Finance (including Risk and Internal Audit) and other colleagues to support internal and external reviews of Clarks’ IT general control and security control environments, sourcing evidence, reviewing output and making recommendations.
- Operates assessment programmes for critical security compliance requirements, including PCI DSS and SWIFT.
- Engages with Technology, business and project teams where necessary as a subject matter expert in these areas.
- Monitors the compliance landscape to identify emerging requirements that could affect Clarks’ business operations.
- Assists in the support and maintenance of the IT Risk Register, recording and assessing new risks raised from all areas of the business, reviewing existing risks and using judgement, experience and relevant industry knowledge to recommend activity to mitigate or remediate risks.
- Supports training and awareness activities relating to security, privacy and other related areas as necessary, assisting in developing relevant tools and materials to embed key messages.
- Acts as an advocate for security across business areas, responding to queries, building relationships and proactively identifying opportunities to improve Clarks’ security posture by effecting change and driving good security behaviours.
- Assists in the development of relevant management information, metrics and performance indicators in relation to IT risk management, third-party assurance, compliance and other security areas.
- Supports the Head of Security, other team members and senior stakeholders in other tasks and activities commensurate with the profile of the role as necessary.

Key deliverables

- Delivery of effective security policy and related artifacts
- Completion of appropriate third-party security assessment activities
- Security risks recorded and accepted appropriately
- Compliance programmes operating effectively
- Functional and security risk metrics designed, delivered and reported on

Qualifications

- Fundamental understanding of privacy and data protection laws and regulations and how they apply to technology environments globally (e.g. GDPR, PIPL etc.)
- Understanding of core security concepts and areas: network security, identity and access management, cloud security, cryptography/PKI, data protection, secure code development, threat and vulnerability management etc.
- Likely to hold at least one common security certification (CISMP, CISSP, CISA, CISM etc.) alongside other relevant IT certifications (ITIL, AMP, Prince2 etc.)
- Experience of large, multinational retail, distribution or manufacturing organizations and of working with enterprise resource planning systems beneficial
- Able to work independently and pivot focus across a varied portfolio, blending design of core processes with bespoke review and reactive assessment activities
- A passion for advocating effective security practice across the enterprise and inspiring others to embed effective security risk management practices into business processes
- Strong interpersonal and collaboration skills, with the ability to communicate comfortably with key stakeholders, including senior business leaders, product owners, project managers and business analysts
- Effective communication skills with the ability to present, discuss and distil abstract risk management and security concepts for consumption by peers, leaders and other stakeholders
- Capable of producing detailed and accurate technical documentation as necessary using common tools (e.g. PowerPoint, Visio, project tools etc.)
- Ability to coach, mentor and guide peers and more junior members of the team
- Extensive experience within information security management, consultancy, risk management or audit roles
- Familiarity with common security and risk management standards and frameworks (ISO 27001/27002, PCI DSS, NIST, COBIT etc.) and with assessing organizational alignment to these
- Experience of operating third-party security assessment processes would be beneficial

Expected salary:

Location: Kuala Lumpur

Job date: Mon, 24 Mar 2025 23:30:08 GMT
