Senior Specialist, IT Policy & Compliance

U Mobile

  • Malaysia
  • Permanent
  • Full-time
  • 2 months ago
Job Responsibilities
1. Compliance Program Management:
  • Develop, implement, and manage an IT security compliance program to ensure adherence to applicable laws, regulations, and industry standards.
  • Stay abreast of changes in relevant compliance and regulatory requirements and update policies and procedures accordingly.
  • Conduct regular compliance assessments and audits to identify and address areas of non-compliance.
  • Coordinate and manage internal and external compliance audits.
  • Develop and maintain comprehensive GRC policies, standards, and procedures documentation.
  • Ensure that policies are communicated effectively throughout the organization, and provide guidance on compliance requirements.
2. Governance Framework:
  • Establish and maintain an effective IT security governance framework that defines the roles, responsibilities, and decision-making processes related to security and compliance requirements (e.g. PDPA, ISMS/ISO 27001, NIST, PCI DSS, RMIT).
  • Collaborate with key stakeholders to integrate security governance into overall corporate governance structures.
3. Risk Management:
  • Identify and assess potential risks and threats to IT security, and develop risk mitigation plans that prioritize IT security risks. Work closely with the risk management team to identify and prioritize IT security risks.
  • Develop and implement risk mitigation strategies and controls to address identified risks.
4. Compliance Reporting:
  • Prepare and deliver regular reports on the status of IT security compliance to executive leadership and relevant stakeholders.
  • Ensure that compliance metrics are tracked and reported accurately.
5. Training and Awareness:
  • Develop and deliver IT security compliance training programs to educate employees on their roles and responsibilities.
  • Foster a culture of awareness and compliance throughout the organization.
Job Requirements
  • Excellent communication and interpersonal skills to effectively engage with stakeholders at all levels.
  • Demonstrated ability to lead and collaborate in a cross-functional team environment.
  • Analytical mindset with the ability to translate complex compliance requirements into actionable plans, and problem-solving capabilities to address security challenges effectively.
  • Experience with audit processes and managing responses to audit findings.
  • Leadership qualities with the ability to inspire and guide a diverse team of IT security professionals.
  • Effective communication and presentation skills, both verbal and written, to convey technical concepts to non-technical stakeholders.
  • Experience in managing vendor relationships and contracts.
  • Demonstrated ability to multi-task, respond to needs quickly and efficiently, and prioritize work with strong attention to detail.
  • Ability to work well under pressure and respond to tight deadlines while exercising sound judgment; a self-starter who can work efficiently, effectively, and autonomously with minimum supervision.
