Head of Risk & Compliance

at FIRMUS METAL INTERNATIONAL PTE LTD

Singapore, Southeast, Singapore

Start Date: Immediate
Expiry Date: 07 Nov, 2024
Salary: USD 16000 Monthly
Posted On: 09 Aug, 2024
Experience: N/A
Skills: Presentation Skills, Management Skills, Integrated Security Systems, Security Management, SIEM, Information Security, Working Experience, Vendors, Fortinet
Telecommute: No
Sponsor Visa: No

Description:

The Head of Risk & Compliance will be responsible for helping to design, build and manage the whole-of-organisation GRC and security posture in relation to internal, domestic, and international standards and certifications. You will be required to provide advice, guidance, and strategy to Executive Leadership and functional heads across the organisation, and to ensure that adequate management systems, processes and policy arrangements are implemented across the organisation.
The individual will also take on the responsibilities of a Chief Security Officer (CSO) and lead the development and implementation of protective security policy requirements, systems and controls for managing our information and physical security risks, as well as maintaining ISO and other certifications.

SKILLS AND EXPERIENCE

  • Senior leadership experience in a risk & compliance role, ideally with working experience in the Technology industry
  • Minimum of 9 years of working experience in a combination of risk management, information security and governance.
  • Sound knowledge of the GRC and Generative AI challenges that businesses face.
  • Exceptional executive and stakeholder management skills and ability to influence and challenge constructively.
  • Information Security / Cyber Security Management Compliance: Endpoint security management, SIEM, SOC delivery, SOC 2 (Type 1 & 2), GDPR / PDPD, ISO27001:2013 / 2022
  • Excellent knowledge of common GRC and information security management frameworks.
  • Highly refined written and verbal communication, presentation skills and high level of personal integrity.
  • Knowledge and experience in evolving Generative AI / AI computing technologies, including quantum security.
  • Familiarity with enterprise security use cases (SIEM, EDR/XDR, vulnerability management / scanning).
  • Exposure to security appliance vendors such as Fortinet, Palo Alto, and others.
  • Exposure to integrated security systems from vendors such as Inner Range, Gallagher.

Responsibilities:

  • Management of existing risk and compliance (GRC) processes.
  • Development of new risk and compliance processes for global projects.
  • Lead the strategic risk processes and audit programs.
  • Develop, implement, and monitor a strategic, comprehensive information security and risk management program.
  • Lead the audit activities with different internal and external stakeholders.
  • Management of existing accreditations such as ISO27001 and leading projects to obtain further accreditations.
  • Lead the development of group policy and frameworks, including Risk Management, Governance, ESG, and Information Security Management.
  • Provision of risk and compliance advice to senior leaders.
  • Facilitate risk and compliance forums and committees.
  • Support functional areas to develop and implement compliant systems and processes.
  • Build and enhance information security and risk management awareness across the organisation.
  • Conduct compliance audits of functional / departmental processes to maintain corporate compliance, providing support and advice to functional / department heads to enhance current processes.
  • Lead the establishment of physical, technical and behavioural security measures to detect, prevent, and mitigate cyber-attacks.
  • Lead the development of response protocols for successful cyber-attacks and participate in disaster recovery and business continuity planning for compromised data.
  • Ensure ongoing security awareness and notifications are delivered across the Company.
  • Promote a culture of strong information security as an active defender against cyber threats.
  • Work directly with the subsystem owners to facilitate risk assessment and risk management processes.
  • Partner with business stakeholders across the organization to raise awareness of risk management concerns.
  • Assist with the overall business technology planning, providing current knowledge and a future vision of technology and systems.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Proficient

1

Singapore, Singapore