Key Responsibilities

1. Risk Management

• Identify, assess, and prioritize enterprise risks
• Drive periodic risk assessments and reporting to leadership
• Integrate risk management into project delivery and business processes

2. Compliance & Governance

• Ensure compliance with frameworks such as ISO 27001, SOC 2, GDPR, and relevant local regulations
• Develop and enforce policies (InfoSec, data protection, access control, vendor risk)
• Lead internal and external audits, including evidence collection and remediation tracking
• Monitor regulatory changes and assess business impact

3. Information Security Collaboration

• Work closely with IT and Security teams to ensure controls are implemented effectively
• Track vulnerabilities, incidents, and control gaps, ensuring timely closure
• Support incident response and root cause analysis

4. Third-Party & Vendor Risk

• Assess and onboard vendors from a risk and compliance standpoint
• Conduct periodic vendor reviews and ensure contractual compliance clauses

5. Training & Awareness

• Drive organization-wide compliance awareness programs
• Conduct training on policies, security practices, and regulatory requirements

6. Reporting & Stakeholder Management

• Present risk posture, compliance status, and audit outcomes to senior leadership
• Act as a point of contact for auditors, regulators, and internal stakeholders

Required Qualifications

• 5-8 years of experience in Risk, Compliance, or Information Security within IT/Tech organizations
• Strong understanding of frameworks like ISO 27001, SOC 2, GDPR, etc.
• Experience in audit management and regulatory compliance
• Certifications (nice to have): CISA, CRISC, CISSP, or equivalent
• Strong stakeholder management and communication skills