Job Overview
The Senior Risk and Compliance Executive is primarily responsible for driving certification programs and strengthening the Group's compliance posture. This role involves leading specific workstreams on international security standards, conducting compliance assessments, and advising stakeholders to ensure frameworks and policies are effectively implemented across the Group.
Key Responsibilities
- Lead the execution and maintenance of certification programs (ISO/IEC 27001, PCI DSS, SOC 2, etc.).
- Conduct compliance reviews, gap assessments to evaluate adherence to standards and frameworks.
- Provide advisory to business and IT teams on compliance requirements and remediation actions.
- Prepare and present risk and compliance reports for management and external auditors.
- Support the delivery of security awareness training and ad-hoc uplift programs as required.
- Contribute to the continuous improvement of compliance processes, tools, and reporting mechanisms.
- Guide junior members in program documentation and audit readiness activities.
Requirement
- Bachelor's degree in information security, Computer Science, or related discipline.
- 24 years of experience in information security compliance, IT audit, or governance. Strong knowledge of international standards and frameworks (ISO 27001, PCI DSS, SOC 2, NIST, COBIT).
- Experience in certification audits, risk assessments, and compliance reporting.
- Strong analytical, documentation, communications and stakeholder engagement skills.
- Proficient in English.
- Preferred certifications: ISO 27001 Lead Auditor/Implementer, CISA, or other security compliance credentials.
