As a Specialist Compliance, Risk and Cyber Resilience, you will be a vital member of our Security
team, responsible for driving success in the GRC domain and ensuring a robust security posture
across SCBX Group. Your primary focus will be on Enterprise Security Policy, Standards & Controls,
Enterprise Security Compliance and Risk, Third Party Risk Management, and Cyber Resilience.

Responsibilities:

• Develop and maintain comprehensive security policies, standards, and controls aligned with industry best practices and regulatory requirements.
• Collaborate with relevant stakeholders to ensure policies are well-understood, implemented, and enforced organization-wide.
• Lead risk assessments to identify and evaluate security risks, vulnerabilities, and potential impacts to the organization.
• Develop and implement risk management strategies to effectively mitigate identified risks.
• Monitor and ensure compliance with internal security policies, standards, and regulatory requirements.
• Establish key risk indicators (KRIs) and oversee the monitoring and reporting of risk metrics to senior management.
• Develop and implement a robust third-party risk management program to assess the security posture of vendors and partners.
• Conduct risk assessments and due diligence on third-party vendors to ensure their alignment with security requirements.
• Establish and maintain effective communication channels with third-party vendors to address security concerns and drive compliance.
• Plan and execute cyber resilience initiatives, including incident response and business continuity planning.
• Develop and maintain an incident response plan to efficiently handle security incidents and breaches.
• Coordinate incident response activities with relevant teams to minimize the impact of security incidents.
• Conduct post-incident reviews to identify areas for improvement and update response plans accordingly.

Requirements:
To be successful in this role, you should have experience in most of the following:

• Minimum of 5 years of experience in a GRC-focused role, with a proven track record of successfully implementing GRC programs.
• Strong expertise in technology controls review, risk assessment, policy review, and control review engagements for clients from various industries.
• Extensive knowledge of security policies, standards, and controls, as well as risk management principles.
• Familiarity with relevant regulatory frameworks and industry standards (e.g., ISO 27001, NIST, GDPR).
• Strong understanding of third-party risk management practices and their application to vendor assessments.
• Experience in incident response planning and execution, with a focus on cyber resilience.
• Excellent communication and collaboration skills to work effectively with cross-functional teams and senior management.
• Relevant certifications such as CISA, CRISC, CISSP, or equivalent. 
• Strong analytical and problem-solving abilities, with a detail-oriented and proactive approach to risk management.
• Excellent written communication and report writing skills.
• Demonstrated ability to work effectively as a team player, collaborating with cross-functional teams.