About You

The Lead, Risk & Compliance is a technical & hands on role that will lead and support the continuous improvement of Information Security for Carsome Group.

Your Day-to-Day

● Perform end-to-end risk management activities which includes internal risk assessments, third party risk assessments, risk treatment plans, risk tracking as well as enhancing the existing process and framework.

● Collaborate & build relationships with internal and external stakeholders for improved risk analysis.

● Perform end-to-end security compliance management which includes but not limited to, being the security liaison for external and internal auditors, coordination & execution of security compliance programs (ISMS, Internal Policies / Manuals / SOPs, regulatory requirements, etc), support and lead all organization audits (example: SOX, PCIDSS, RMIT, PDPA) etc.

● Support security awareness initiatives by collating and communicating content through various channels.

● Support and contribute to policy, manual and standard operating procedures development & enhancements.

Your Know-How

● Bachelor Degree in Cyber Security / Computer Science / Information Technology or equivalent.

● Minimum of 5 years working experience leading and conducting security audits and risk management activities preferably with a cloud background.

● In-depth knowledge and experience in technical security controls in identifying strengths and weaknesses in enterprise and cloud environments.

● Experience in identifying, analyzing and translating security audit requirements that might affect organization security.

● In-depth experience in end-to-end quantitative risk management will be advantageous.

● Good understanding of security best practices, regulatory requirements and compliance

● CISA, CRISC, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer certifications are an advantage.

● PowerPoint Presentation, Document and Spreadsheet (e.g: Excel, Word) Skills

● Passionate, Respectful, Collaborative, and Proactive

● Excellent interpersonal skills.

● Strong oral and written communication skills in English.

● Able to speak and present information in a professional manner to all levels of people.

● Proven ability to work independently within fast-paced and dynamic work environments while being self-motivated and a great team player.