Senior Manager, Governance, Risk & Compliance

The role of Senior Manager, Governance, Risk & Compliance (GRC), will be playing a pivotal leadership position in safeguarding the organisation by ensuring adherence to regulatory requirements, managing internal policies, and maintaining a robust governance framework. The successful candidate will work closely with other members of the IT team and business units to ensure the organisation’s cybersecurity risk posture is improved over time.

Key Responsibilities:

1. Develop and oversee a comprehensive GRC program that aligns with industry best practices and regulatory requirements.
2. Conduct regular risk assessments to identify, evaluate, and mitigate potential threats across the organization.
3. Design and execute strategies to ensure compliance with all applicable laws, regulations, and internal policies.
4. Manage and maintain a comprehensive GRC framework, including policies, procedures, and controls.
5. Oversee the development and implementation of GRC training programs for employees at all levels.
6. Manage and improve on the Change Management process for Group IT, including facilitating the Change Approval Board meetings.
7. Lead the development and delivery of engaging and effective Security Awareness Training programs to educate employees on cybersecurity best practices, phishing attempts, social engineering tactics, and secure data handling.
8. Monitor and report on GRC performance metrics to senior management and stakeholders.
9. Identify opportunities to improve the effectiveness and efficiency of the GRC program.
10. Confidently represent the GRC program during internal and external audits, demonstrating a deep understanding of its controls and effectiveness.
11. Collaborate effectively with various departments across the organization, including business units, IT, legal, and finance.
12. Stay abreast of evolving industry standards, regulations, and best practices in GRC and security awareness.

Minimum Requirements:

1. Bachelor's or Master's degree in Computer Science, Information Technology, or related field.
2. Relevant certifications such as CISA are preferred.
3. Minimum 10 years of experience in a GRC or related field.
4. Prior experience as a Lead IT auditor would be advantageous.
5. Proven track record of developing and implementing successful GRC programs.
6. Strong understanding of various governance frameworks and standards, such as NIST, CIS and ISO.
7. Fluency and experiences related with ISO27001, and ISO9001 audits will be an advantage.
8. Experienced with ITIL framework and ITSM tools.
9. Strong understanding of risk management principles and methodologies.
10. Good understanding of various IT and Cybersecurity operations.
11. In-depth knowledge of relevant industry (maritime, data centre, real estate) regulations and compliance requirements.
12. Experience developing and delivering security awareness training programs (preferred).
13. Excellent communication, interpersonal, and collaboration skills.
14. Strong presentation and public speaking skills to effectively represent the GRC program during audits.
15. Ability to operate independently, and also, lead and manage a team.
16. Strong analytical and problem-solving skills.