Security Governance, Risk and Compliance(GRC)
Seoul, South Korea
Coupang
Join us to innovate. Rocket your career. Collaborate with teams across the globe. Find your role and learn more about our culture.Team Description:
Data at Coupang is a key business asset. It is of paramount importance that we process and manage data in a way that complies with information security laws and regulations and that maintains data confidentiality, availability, and integrity. The Security Governance, Risk, and Compliance team is responsible for developing/revising policies related to enterprise-wide information security, helping ensure that security policies align with business objectives, raising and educating employees about security, managing enterprise-wide information security risks and capability maturity, and managing information security certifications.
Role Overview:
This role is an individual contributor on the Security GRC team. This team member will apply their information security knowledge and skillsets to assist in support of Security GRC activities. These activities may include coordinating updates to the information security policies, standards, or guidelines or gathering responses in support of our information security certifications. This team member can work independently and should be able to multitask and manage competing priorities in a fast-paced environment, yet remain flexible. He/she will have excellent interpersonal skills, work well with others, and quickly learn our business.
Key Responsibilities:
-
Understand Korean and International Information Security & Privacy laws, regulation and policies
-
Perform risk assessments, report results, and track mitigation
-
Collaborate with key stakeholders to track, manage and reduce risk
-
Support for development and maintenance of information security policies and procedures
-
Change management, exception process operation, and management for Security policies
-
Communication with relevant departments on topics related to information security and regulatory requirements
-
Security awareness-raising and training program development and operation
-
Certification compliance requirements coordination and data gathering
Basic Qualifications:
-
Bachelor’s Degree is required.
-
At least 1 – 3 years of information security experience
-
Experience in information security and personal information protection management system (e.g. ISMS-P, ISO27001)
-
Experience and understanding of IT infrastructure, services, and cloud service
-
Experience and understanding of security system operation/management
-
Understanding and experience of risk management methodology based on ISO27001/2, NIST CSF
-
Experience with GRC tools, ticketing systems like JIRA, collaboration tools like SharePoint
-
Experience in checking and responding to government agencies such as KISA, the Ministry of Defense, the Personal Information Protection Commission, and the Financial Supervisory Authority
-
Passionate about identifying and improving information security
-
Strong and effective communication skills
Preferred Qualifications:
-
Understanding and experience in laws and regulations such as information security or personal information protection in Korea
-
Inspection of basic compliance matters such as the Personal Information Protection Act, the Traditional Network Act, and the Electronic Financial Transaction Act
-
Security certification holders (CISA, CISSP, ISO27001, CISM, Other)
-
AWS security experience
Tags: AWS CISA CISM CISSP Cloud Compliance Governance ISMS ISO 27001 IT infrastructure Jira NIST Privacy Risk assessment Risk management SharePoint
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Information Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs
- Open CEH-related jobs