What makes this a great opportunity
Suntory Global Spirits is Crafting the Spirits that Stir the World. Rooted in two centuries of family heritage, Suntory Global Spirits has evolved into the world's third-largest leading premium spirits company — where each consumer is treated like family and trusted with legacy. With our greatest assets — our premium spirits and our people — we are driving growth through impactful marketing, innovation, and an entrepreneurial spirit. Suntory Global Spirits is a place where you can Unleash your Spirit by making an impact each and every day.
Mission:
Suntory Global Spirits currently has the following position open - Senior Manager: Governance, Risk and Compliance. Working Hybrid (3 days in the Gurgaon office).
We are seeking a highly experienced Cyber Risk & Compliance leader to drive and evolve the organization's enterprise Governance, Risk, and Compliance (GRC) strategy. This role will operate as a senior advisor to leadership, ensuring cybersecurity risks are proactively managed, regulatory obligations are met, and security governance is embedded into business decision-making. The position requires a strategic thinker with hands-on execution capability, able to operate across global stakeholders, complex regulatory environments, and large-scale technology ecosystems.
Role Responsibilities
Strategic Risk Leadership
- Define and execute the enterprise cyber risk management strategy aligned to business objectives
- Establish risk appetite alignment and support leadership in risk-based decision making
- Maintain and evolve the enterprise cyber risk register, taxonomy, and reporting framework
- Provide regular risk posture updates and actionable insights to executive stakeholders
Governance & Framework Alignment
- Lead the design, implementation, and continuous improvement of the GRC operating model
- Ensure alignment with global standards including ISO 27001, NIST CSF, NIST 800-53, COBIT, and SOX
- Develop and maintain security policies, standards, and procedures across the organization
- Drive maturity assessments and roadmap development for cybersecurity governance
Regulatory Compliance & Assurance
- Oversee enterprise compliance programs including SOX IT controls, ITGC, and regulatory requirements
- Direct audit readiness activities and serve as primary interface for internal and external auditors
- Manage control deficiency remediation and continuous control improvement
- Monitor emerging regulatory requirements and ensure proactive compliance readiness
Third-Party & Supply Chain Risk
- Assess vendor security posture and drive risk mitigation strategies
- Partner with Procurement and Legal to embed security requirements into contracts
- Provide oversight of critical suppliers supporting business operations
Access Risk Governance
- Oversee access governance across enterprise systems, including SAP GRC controls
- Ensure robust Segregation of Duties (SoD), User Access Reviews (UAR), and privileged access management
- Advise on identity risk strategies for cloud and digital transformation initiatives
Business Resilience & Critical Asset Protection
- Ensure alignment with disaster recovery and business continuity planning
- Support resilience testing and preparedness activities
Risk Advisory & Transformation Support
- Provide cyber risk advisory for strategic initiatives, new technologies, and digital programs
- Evaluate security implications of architectural and operational changes
- Support threat prioritization and risk treatment planning
Security Culture & Awareness
- Drive enterprise-wide security awareness initiatives and behavioral change programs
- Promote accountability for risk ownership across business units
- Champion a strong security culture across the organization
Stakeholder & Leadership Engagement
- Act as a trusted advisor to senior leadership on cyber risk posture and mitigation strategies
- Collaborate with IT, Engineering, Legal, Privacy, Compliance, and business leaders globally
- Influence decisions without direct authority across a matrixed organization.
Qualifications
Desired Qualifications:
- Master's degree in information technology/Cybersecurity/Information Security, or related field
- 10+ years of progressive experience in Cyber Risk, IT Audit, Compliance, or GRC leadership roles
- Demonstrated experience building, scaling, or transforming enterprise GRC programs
- Experience with enterprise GRC platforms (e.g., KnowBe4, ServiceNow, OneTrust, LogicGate, SAP GRC)
- Deep expertise in multiple security frameworks and regulatory environments
- Proven ability to manage complex audits and executive-level reporting
- Strong strategic thinking combined with operational execution skills
- Excellent stakeholder management across technical and non-technical audiences
- Security certifications preferred (e.g., CISA, CISSP, CRISC)
- Strong analytical and technical documentation skills
