Key Responsibilities
1. Risk Management
- Identify, assess, and prioritize enterprise risks
- Drive periodic risk assessments and reporting to leadership
- Integrate risk management into project delivery and business processes
2. Compliance & Governance
- Ensure compliance with frameworks such as ISO 27001, SOC 2, GDPR, and relevant local regulations
- Develop and enforce policies (InfoSec, data protection, access control, vendor risk)
- Lead internal and external audits, including evidence collection and remediation tracking
- Monitor regulatory changes and assess business impact
3. Information Security Collaboration
- Work closely with IT and Security teams to ensure controls are implemented effectively
- Track vulnerabilities, incidents, and control gaps, ensuring timely closure
- Support incident response and root cause analysis
4. Third-Party & Vendor Risk
- Assess and onboard vendors from a risk and compliance standpoint
- Conduct periodic vendor reviews and ensure contracts include the required compliance clauses
5. Training & Awareness
- Drive organization-wide compliance awareness programs
- Conduct training on policies, security practices, and regulatory requirements
6. Reporting & Stakeholder Management
- Present risk posture, compliance status, and audit outcomes to senior leadership
- Act as a point of contact for auditors, regulators, and internal stakeholders
Required Qualifications
- 5-8 years of experience in Risk, Compliance, or Information Security within IT/Tech organizations
- Strong understanding of frameworks like ISO 27001, SOC 2, GDPR, etc.
- Experience in audit management and regulatory compliance
- Certifications (nice to have): CISA, CRISC, CISSP, or equivalent
- Strong stakeholder management and communication skills