Función del empleo: Tech

Tipo de puesto: Permanent

Tipo de empleo: Full - Time

Localización: Singapore

País: Singapore

The role will be acting as the Application GRC (Governance, Risk and Compliance manager) for NASAPMENA and coordinate the roll-out of L’Oréal group cybersecurity program with the in-scope perimeters.

This role requires an individual with a strong communication skill, as well as the ability to work across the IT organization, divisions, and the business teams to align information security priorities and controls with key business objectives.

Job Description

  • Ensure information security collaboration and compliance at the zone and group level 
  • Directly responsible for conducting the security risk assessments to ensure the systems and/or applications are complying with the corporate security policies, regulatory requirements, and adherence to best practices
  • Identify, research, and evaluate new compliance requirements and present them to the relevant team and senior leadership
  • Work with Zone & regional GRC teams on security self-assessments, internal and external security audit
  • Develop, track, maintain the controls matrix to ensure the systems and/or applications are complying with policies, standards, and regulatory requirements 
  • Support the issue and/or risk owners for the interpretation of the relevant non-compliance issues and ensure stakeholders are well understand on the risks and be prepared in terms of remediation
  • Drive coordination with various teams to develop and implement the security remediation plan across the region to meet the IT security and regulatory requirements
  • Work with IT and business application owners to ensure the baseline security standards are embedded in IT and business operations
  • Lead the system-wide IT compliance program, ensuring IT activities, processes, and procedures meet defined requirements
  • Provide metrics and data on findings to ensure prioritization for remediation and closure.
  • Develop and maintain the regional findings library to support analysis, trending and pre-closure and drive remediation and risk mitigation planning, execution, and reporting.
Professional Competencies

Bachelor's or master’s degree in Computer Science, Information Security or a related field or discipline is ideal. A minimum of 8+ years of combined experience in information security, Application security GRC, project management etc. Professional industry certifications are preferred, e.g., CRISC, CISM, CISA, etc.

  • At least 6 to 7 years of experience on SAP GRC Access Control
  • Experience in newer SAP Application such as HANA, S4, Fiori, Lumira, IDM, GRC Process Control, GRC Risk Management, Audit Management, Fraud Management etc.
  • Good understanding on concepts of Segregation of Duties SoD
  • Ability to perform Solution Architect tasks working on defining solutions in response of client request for proposal, technical design and development of SAP GRC AC functions for programs, projects and change requests.
  • Experience in end to end SAP GRC AC, ability to conduct workshops, manage and plan for UAT, Regression Testing, Cutover and Hyper care activities.
  • Extensive experience in the design and development of SAP GRC AC policies, strategy, and Governance Risk and Compliance Experience with regulatory compliance such as Sarbanes Oxley is a requirement.
Ability to perform security remediation.