As the Specialist Compliance and Risk, you will be a vital member of our Security team, responsible
for driving success in the GRC domain and ensuring a robust security posture across SCBX Group.
Your primary focus will be on Enterprise Security Policy, Standards & Controls, Enterprise Security
Compliance and Risk.

Responsibilities:

• Develop and maintain comprehensive security policies, standards, and controls aligned with industry best practices and regulatory requirements.
• Collaborate with relevant stakeholders to ensure policies are well-understood, implemented, and enforced organization-wide.
• Conduct risk assessments to identify and evaluate security risks, vulnerabilities, and potential impacts to the organization.
• Monitor and ensure compliance with internal security policies, standards, and regulatory requirements.
• Monitor key risk indicators (KRIs) and reporting of risk metrics to senior management.
• Implement a robust third-party risk management program to assess the security posture of vendors and partners.
• Conduct risk assessments and due diligence on third-party vendors to ensure their alignment with security requirements.
• Maintain effective communication channels with third-party vendors to address security concerns and drive compliance.

Requirements:
To be successful in this role, you should have experience in most of the following:

• Bachelor's degree in Computer Science, Information Technology, Cyber Security, or a related field.
• Proven experience of 3-5 years in roles related to Enterprise Security Policy, Standards & Controls, Enterprise Security Compliance, and Risk.
• Demonstrated expertise in developing and implementing risk management programs, including conducting risk assessments and evaluating vendor due diligence.
• In-depth understanding of security policies, standards, and controls, along with a strong grasp of risk management principles.
• Familiarity with relevant regulatory frameworks and industry standards, such as ISO 27001, NIST, and GDPR.
• Excellent written and verbal communication skills, with the ability to collaborate effectively with team members and stakeholders.
• Demonstrated ability to work independently, take ownership of projects, and drive them to successful completion.
• Strong analytical and problem-solving abilities, with a detail-oriented approach to risk management.
• Preferred certifications such as CISA, CRISC, CISSP, or equivalent, which demonstrate your commitment to professional growth and expertise (optional but preferred).