IT Governance Prof Senior

Ho Chi Minh City, VN


As a Global InfoSec GRC Specialist, you will play a pivotal role in defining, implementing, and managing the governance, risk management, and compliance strategies for our organization's information security across all international operations. User awareness & training is another integral part of the position.

 

You will ensure that our information security measures are aligned with business objectives, industry standards, and regulatory requirements worldwide. This role requires a deep understanding of information security principles, global regulatory landscapes, and risk management practices.

 

Key Responsibilities:

  • Develop and maintain global information security policies, standards, and guidelines in accordance with industry best practices and regulatory requirements.
  • Conduct regular risk assessments to identify, assess, and prioritize information security risks across the organization.
  • Implement and manage an effective information security governance framework that aligns with business goals and global regulatory environments.
  • Collaborate with various departments to ensure information security compliance across all business processes and technology systems.
  • Monitor and report on compliance with information security policies and standards, as well as compliance with external regulations.
  • Coordinate with internal and external auditors to facilitate information security audits and ensure the resolution of audit findings.
  • Provide guidance and support for information security awareness and training programs.
  • Stay informed of emerging information security threats, technologies, and global regulatory changes that may impact the organization.
  • Support the development and implementation of incident response plans and procedures to handle security breaches or violations.
  • Advise on information security implications of new business initiatives or technology projects, ensuring that security is integrated from inception.

 

Qualifications:

  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field, or similar experience.
  • Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent are highly desirable.
  • Minimum of 5 years of experience in information security, with at least 2 years focused on GRC in a global context.
  • Deep understanding of global information security standards and frameworks (e.g., ISO 27001, NIST, GDPR, LGPD).
  • Experience with risk assessment methodologies and tools (e.g., Eramba).
  • Strong knowledge of global regulatory requirements and their implications for information security.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Strong communication and interpersonal skills, with the ability to effectively communicate complex information security concepts to both technical and non-technical stakeholders.
  • Fluent in English; proficiency in Mandarin.

 

Working Conditions:

  • This role may require occasional international travel.
  • Flexible working hours to accommodate global time zones may be necessary.
  • Hybrid work environment.

Category: Compliance Jobs

Tags: Audits CISA CISM CISSP Compliance Computer Science CRISC GDPR Governance Incident response ISO 27001 NIST Risk assessment Risk management

Perks/benefits: Flex hours

Region: Asia/Pacific
Country: Vietnam
