Security Compliance Strategist

Level: AVP/VP

Client: International Cryptocurrency Exchange

Location: Hong Kong

Overview:

This is a critical role supporting the Security Assurance team, part of the overall Security organisation, and is focused on Security Compliance. In this role, you will be responsible for ensuring compliance with the organisation's Policy, Standards and Security Common Controls Framework. You will collaborate with stakeholders in the successful execution of ISO 27001 certification, SOC 2 audits and other security initiatives. The position will also help build automated monitoring of security controls and explain them to internal and external stakeholders. The Security Assurance Strategist will be someone who has a passion for implementing innovative security controls that mitigate risk to the company, empower the organisation's culture of rapid innovation, and help demonstrate our dedication to security to the world. This role requires a mix of broad business and technical acumen, the ability to inspire and influence decisions pertaining to regulatory standards, and a polished ability to communicate with key internal stakeholders.

Desired Results/Deliverables:

  • Maintain Common Control Framework (CCF) and Controls List.

  • Perform ongoing security controls self-assessment to support ISO, SOC 2, DABA etc. initiatives.

  • Liaise with the control owners on controls design and implementation.

  • Perform controls testing for Security Risk Assessment Process as needed.

  • Assist in automating continuous monitoring of security controls.

  • Assist in implementation and maintenance of security GRC/IRM tool.

  • Provide KPIs and KRIs for security compliance.


Key Responsibilities:

  • Leads the planning, execution, and reporting of security Controls Self Assessment (CSA) at the organisation.

  • Ensures accurate identification, communication, and mitigation of risks, processes, and internal control gaps with potential adverse operational, financial, strategic and compliance risk implications.

  • Engages with business and control owners, internal & external auditors, as well as 100x leadership on new and ongoing compliance initiatives and business transformation projects.

  • Facilitates the execution of external audits over the organisation’s products and internal controls in accordance with, but not limited to: SOC 2, ISO 27001 etc.

  • Leads audit walkthroughs and drives the process of audit evidence collection and review for internal and external audit engagements.

  • Assists in the design of automation to enable scalability of the compliance programs.

  • Assists in GRC tool implementation and day to day management.

  • Owns the follow-up process on management action plans to ensure appropriate and timely mitigation of identified control failures.

  • Assists with coaching and development of junior members of the team.


Skills, Traits & Competencies:

  • 5+ years of security experience in relevant security domains (e.g. compliance, security risk management, security audit).

  • Prior experience working in Security and Privacy compliance engineering or similar groups at a tech or fintech company.

  • Expertise working on major compliance programs in a complex technical environment supporting, at a minimum, the SOC 2, GDPR and ISO 27001/2 frameworks.

  • Strong communication skills, in particular around objectively measuring risk and compliance.

  • Strong technical background working on complex engineering, security and operations projects and initiatives.

  • Expertise managing and coordinating work for external audits and consultants.

  • Relevant certifications such as CISSP, CISA or AWS CCP are preferred.
