As the Governance, Risk and Compliance Lead at SCBX, you will be the driving force behind our
group companies’ Governance, Risk, and Compliance strategy. Your expertise in managing various
GRC domains, including Security Strategy, Assessments, Policies & Controls, Security Architecture,
Awareness & Training, Compliance & Risk Management, Governance &Performance Measurement,
   Third Party Risk Management, and Cyber Resilience, will be instrumental in ensuring a robust
security posture and compliance framework.

Responsibilities:

• Develop and implement a comprehensive GRC strategy aligned with business objectives and industry best practices.
• Oversee and lead security strategy development, including group assessments, to identify potential vulnerabilities and improve security posture.
• Establish and maintain enterprise security policies, standards, and controls, ensuring alignment with relevant regulatory requirements.
• Provide leadership in defining and implementing a robust security architecture to safeguard critical assets and information.
• Lead the design and delivery of security awareness and training programs to enhance the organization's security culture.
• Monitor and ensure compliance with internal security policies, industry standards, and relevant regulations.
• Conduct risk assessments and develop risk management strategies to address identified risks.
• Establish and maintain effective security governance processes, including policies, standards, and procedures.
• Drive the performance measurement of security governance, ensuring continuous improvement.
• Develop and maintain a strong third-party risk management program to assess the security posture of vendors and partners.
• Lead cyber resilience initiatives, including incident response planning and execution, to enhance organizational preparedness.
• Collaborate with cross-functional teams and senior management to ensure effective GRC integration across the organization.
• Provide expert guidance and support on GRC-related matters to internal teams and stakeholders.

Requirements:
To be successful in this role, you should have experience in most of the following:

• A minimum of 8 years of progressive experience in senior GRC leadership roles, with a proven track record of driving successful GRC operation in large and complex organization.
• Comprehensive knowledge and expertise in security strategy, assessments, policies, controls, architecture, awareness & training, compliance & risk management, governance & performance measurement, third party risk management, and cyber resilience.
• Proficiency in relevant regulatory frameworks, industry standards (e.g., ISO 27001, NIST, GDPR, PCI-DSS, SoC2, BOT, SEC) and security best practices.
• Demonstrated leadership skills, inspiring and guiding teams in complex GRC environments.
• Outstanding analytical and problem-solving abilities, with meticulous attention to detail in GRC management.
• Excellent communication and collaboration skills, with the capacity to interact effectively with cross-functional teams and senior stakeholders.
• Relevant certifications such as CISA, CRISC, CISSP, or equivalent (preferred).