We are looking for a skilled Information Security Governance, Risk, and Compliance (GRC) Specialist to join the Avaloq CISO Governance team. The CISO Governance team is responsible for developing, implementing, and maintaining our organization's Information Security governance, risk management, and compliance programs. The ideal candidate has a deep understanding of information security practices, regulatory requirements, and risk management frameworks. The role is based in Manila.
Your key responsibilities
Your key responsibilities will include the following domains. You don't have to be an expert on everything, but you must be willing to learn!
- Governance and Compliance
- Participate in the development and maintenance of Avaloq's information security governance framework.
- Lead and aid with compliance-related issues across stakeholders.
- Work closely with internal and external audits, both to support the audit activities and to manage the remediation of findings.
- Report to management and relevant stakeholders on compliance status and security governance effectiveness.
- Policy Management
- Provide guidance and assist in the drafting, revision, and implementation of security policies and procedures.
- Monitor and evaluate the effectiveness of implemented policies and procedures.
- Participate in regular policy reviews to ensure alignment with changing regulations and organizational objectives.
- Security Risk Management
- Conduct and guide risk assessments to identify potential security threats and vulnerabilities.
- Conduct security assessments of third-party vendors to evaluate compliance with Avaloq’s security standards.
- Monitor third-party compliance with agreements and performance against organizational benchmarks.
- Awareness and Advocacy
- Be an advocate for security among your colleagues.
- Participate in the development and implementation of a comprehensive cybersecurity awareness program.
- Craft engaging and informative security training materials for Avaloq employees.
- Measure the effectiveness of employees' knowledge and competencies and adapt strategies based on feedback and trends.
- Participate in internal security awareness activities such as new employee onboarding.
- Stay updated with the latest developments in information security, risk management, and compliance.