Senior Security Compliance Strategist

GrabTaxi Pte Ltd
5-10 years
Not Specified

Job Description

As a Senior Security Compliance Strategist, you are an individual contributor within the Cyber Security - Cyber Assurance function who assesses cyber risks for third-party engagements and identifies, remediates and tracks those risks to closure across the end-to-end lifecycle.
You will work with multiple internal and external stakeholders to assess cyber security requirements for all third parties, specifically against South East Asia cyber regulatory requirements and industry standards. You will play a critical role in the delivery of a wide range of initiatives, from small, quick wins to lengthy and complex risk and compliance initiatives within third-party risk management programs. The ideal candidate should have good program/project management experience and a good understanding of the fundamentals of cloud environments (e.g. Azure, AWS).
Key Responsibilities:

  • Working with other cyber security teams such as Product Security and Application Security teams within Grab to enforce and enhance our third party security compliance framework and processes

  • Working with internal stakeholders such as the Data Protection Office (DPO), Group Compliance and Risk, Procurement, Legal, Finance, and other information security teams to gather needs/requirements for identifying and assessing third-party vendors

  • Participating in joint projects between Cyber Assurance and the Data Privacy Office for better integration of security requirements in third party engagements in order to ensure better compliance with Grab's privacy regulatory obligations, upon DPO's consultation and guidance

  • Working with appropriate stakeholders to evaluate third-party vendors' security practices to determine their security posture and readiness to securely manage the Grab information assets and data they are entrusted with

  • Documenting and tracking third-party risk assessments, remediation activities and processes

  • Collecting Key Risk Indicator (KRI) and Key Control Indicator (KCI) of third-party security compliance status and conducting framework-based risk analysis

  • Analyzing results to determine ongoing monitoring and remediation requirements, and monitoring to ensure information security gaps are remediated in a timely manner

  • Providing risk-based guidance to third-party business stakeholders to ensure transparency, comprehension, and acceptance of the risks involved in doing business with each third-party throughout the third-party lifecycle

  • Working with Grab for Business (GfB) stakeholders to respond to the information required by Grab's GfB clients as part of their partnership initiatives

  • Incorporating lessons learned to ensure continuous process enhancements and data analytics

  • Conducting security design and architecture reviews to identify potential security flaws

The must haves:

  • 5-10 years of experience in a Third Party Cyber Risk management, Cyber Supply Chain Risk Management, Cyber Compliance or Audit role

  • Degree in Computer Science or a technology-related field

  • Professional Information Security certification such as CISSP/CISM/CISA/CRISC/ISO 27001

  • Solid knowledge of various Cyber Security frameworks (e.g. SOX 404, SOC 1/2/3, NIST 800-53, ISO 27001)

  • Solid knowledge of various information security and auditing frameworks

  • Fundamental understanding of security practices in cloud environments

  • Ability to perform system architecture review, code review, and penetration testing

  • Ability to code/script in at least one programming language such as Python, Java or C++

  • Good understanding of pen-testing tools and procedures for Web/Mobile and good knowledge of application security vulnerabilities (OWASP Top 10, SANS 20, etc.)

  • Solid knowledge in cloud technologies (e.g. AWS & Azure)

  • Solid knowledge in third party security risk management

  • Excellent problem-solving and analytical skills

  • Excellent stakeholder management skills

  • Excellent project management skills

  • Strong influencing skills to gain support from stakeholders

  • Able to perform risk assessments to understand the business requirements and come up with mitigation strategies from a security perspective
