Governance Risk and Compliance Specialist Security

Job Location

Cebu City - Philippines

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

The Governance, Risk and Compliance (GRC) team member will report to the Head of Information Security and is responsible for supporting and enhancing the organization's efforts to ensure adherence to policies, regulatory requirements and industry security best practices. This role involves coordinating, executing and overseeing various tasks related to governance, risk management and compliance to protect the organization's assets and reputation and to ensure operational effectiveness.

The GRC specialist will work together with the Security Operations Leader, Security Operations Engineer and QIMA internal stakeholders to meet the objectives of the audit requirements, identify risks present in the group, assess nonconformities and noncompliance against the organization's Information Security Management System Policy, and align the remediation plan with target dates against the respective owners.

The GRC specialist must have a good understanding of the different security and data privacy laws and regulations and industry security best practices, with the ability to apply these standards to the QIMA environment.

Key Responsibilities:

  1. Governance:
    • Develop, implement and maintain policies, procedures and frameworks to support QIMA's organizational governance objectives.
    • Foster a culture of security, compliance and ethical behavior within the organization.
    • Conduct regular assessments and audits of governance processes to identify areas for improvement.
  2. Risk Management:
    • Identify, assess and prioritize for remediation the risks that may impact the organization's operations and overall security posture.
    • Develop risk mitigation strategies and monitor their effectiveness until closure.
    • Maintain a risk register and ensure all risks are documented, evaluated and tracked.
    • Collaborate with various departments to create and implement risk management plans.
  3. Compliance:
    • Stay up to date with changing regulations and assess their impact on the organization.
    • Work with the Data Privacy Office and Legal teams to ensure the organization complies with all relevant laws, regulations and standards.
    • Conduct regular internal reviews and identify nonconformities against QIMA's Information Security Management System Policy that need to be addressed.
    • Deploy regular security awareness to all employees and work with the training team on security trainings and programs to be delivered to QIMA.
  4. Documentation and Reporting:
    • Maintain accurate records of GRC activities, including policy documents, risk assessments and compliance reports.
    • Prepare and present reports on governance, risk and compliance activities to senior management and the board of directors.
    • Document incidents and breaches and manage remediation actions.
  5. Collaboration and Communication:
    • Liaise with Security, IT, Compliance, Legal, HR and other departments and stakeholders to ensure cohesive compliance and risk management efforts.
    • Act as a point of contact for regulatory bodies, auditors and client security requirements.
    • Provide guidance and support to all QIMA employees on GRC-related matters.

Qualifications:

In order to succeed in this role, you should have:

  • An understanding of Information Security principles, protocols and frameworks, and of security and privacy regulatory requirements.
  • A background in creating and maintaining Information Security policies and procedures.
  • A strong understanding of complex IT issues and knowledge of the latest systems and standards.
  • A proactive and responsible approach to work, with good communication skills.
  • Ability to exercise independent judgment and creative problem-solving techniques.

Education & Experience:

  • Bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity or a related field of technical expertise.
  • Experience in leading/participating in SOC2, ISO27001 and other security-related audits.
  • Experience in performing risk assessments and risk management.
  • Experience in conducting/leading Business Continuity and Disaster Recovery Plans.
  • Preferably a background in IT internal audit, with knowledge of IT infrastructure.


Additional Information:

PERKS YOU CAN GET BY JOINING QIMA PHILIPPINES

  • HMO (Medical insurance) 100 for Employee and 100 for first dependent;
  • 15 days paid leave;
  • Team-building activities
  • Free coffee
  • Game room
  • Performance-based salary adjustments
  • Employee recognition awards
  • Social Awareness and Community Involvement Activities

So, READY TO BECOME A QIMATE? JOIN US!

Craft the future. Start your journey at QIMA to REVEAL your potential!

Because our differences make the difference, at QIMA we are proud to promote inclusive diversity and equal opportunities! Our policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

QIMA recognizes and recruits all its talents. 


Remote Work:

No


Employment Type:

Full-time
