Security Governance, Risk and Compliance(GRC)

Team Description: 

Data at Coupang is a key business asset. It is of paramount importance that we process and manage data in a way that complies with information security laws and regulations and that maintains data confidentiality, availability, and integrity.  The Security Governance, Risk, and Compliance team is responsible for developing/revising policies related to enterprise-wide information security, helping ensure that security policies align with business objectives, raising and educating employees about security, managing enterprise-wide information security risks and capability maturity, and managing information security certifications. 

Role Overview: 

This role is an individual contributor on the Security GRC team.  This team member will apply their information security knowledge and skillsets to assist in support of Security GRC activities.  These activities may include coordinating updates to the information security policies, standards, or guidelines or gathering responses in support of our information security certifications.  This team member can work independently and should be able to multitask and manage competing priorities in a fast-paced environment, yet remain flexible.  He/she will have excellent interpersonal skills, work well with others, and quickly learn our business. 

Key Responsibilities: 

•  Understand Korean and International Information Security & Privacy laws, regulation and policies 

• Perform risk assessments, report results, and track mitigation 

• Collaborate with key stakeholders to track, manage and reduce risk  

• Support for development and maintenance of information security policies and procedures 

• Change management, exception process operation, and management for Security policies 

• Communication with relevant departments on topics related to information security and regulatory requirements 

• Security awareness-raising and training program development and operation 

• Certification compliance requirements coordination and data gathering 

Basic Qualifications: 

• Bachelor’s Degree is required. 

• At least 1 – 3 years of information security experience 

• Experience in information security and personal information protection management system (e.g. ISMS-P, ISO27001) 

• Experience and understanding of IT infrastructure, services, and cloud service 

• Experience and understanding of security system operation/management 

• Understanding and experience of risk management methodology based on ISO27001/2, NIST CSF 

• Experience with GRC tools, ticketing systems like JIRA, collaboration tools like SharePoint 

• Experience in checking and responding to government agencies such as KISA, the Ministry of Defense, the Personal Information Protection Commission, and the Financial Supervisory Authority 

• Passionate about identifying and improving information security 

• Strong and effective communication skills 

Preferred Qualifications: 

•  Understanding and experience in laws and regulations such as information security or personal information protection in Korea 

• Inspection of basic compliance matters such as the Personal Information Protection Act, the Traditional Network Act, and the Electronic Financial Transaction Act 

• Security certification holders (CISA, CISSP, ISO27001, CISM, Other) 

• AWS security experience