• Governance:
• Develop, implement, and maintain policies, procedures, and frameworks to support QIMA’s organizational governance objectives.
• Foster a culture of security, compliance and ethical behavior within the organization.
• Conduct regular assessments and audits of governance processes to identify areas for improvement.
• Risk Management:
• Identify, assess, and prioritize risks for remediation that may impact the organization’s operations and overall security posture.
• Develop risk mitigation strategies and monitor their effectiveness, until closure.
• Maintain a risk register and ensure all risks are documented, evaluated, and tracked.
• Collaborate with various departments to create and implement risk management plans.
• Compliance:
• Stay up to date with changing regulations and assess their impact on the organization.
• Work with the Data Privacy Office and Legal teams to ensure the organization complies with all relevant laws, regulations, and standards.
• Conduct regular internal reviews and identify non-conformities against QIMA’s Information Security Management System Policy that needs to be addressed.
• Deploy regular security awareness to all employees and work with training team for security trainings and programs to be delivered to QIMA.
• Documentation and Reporting:
• Maintain accurate records of GRC activities, including policy documents, risk assessments, and compliance reports.
• Prepare and present reports on governance, risk, and compliance activities to senior management and the board of directors.
• Document incidents and breaches and manage remediation actions.
• Collaboration and Communication:
• Liaise with Security, IT, Compliance, Legal, HR, and other departments and stakeholders to ensure cohesive compliance and risk management efforts.
• Act as a point of contact for regulatory bodies, auditors and client security requirements.
• Provide guidance and support to all QIMA employees on GRC-related matters.
  

• An understanding of Information Security principles, protocols, and frameworks and security and privacy regulatory requirements.
• A background on creating and maintaining Information Security policies and procedures.
• A strong understanding of complex IT issues, and knowledge of the latest systems and standards.
• A proactive and responsible approach to work with good communication skills.
• Ability to exercise independent judgment and creative problem-solving techniques.
  
  

• Bachelor’s degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field of technical expertise.
• With experience on leading/participating in SOC2, ISO27001, and other security-related audits.
• With experience on performing risk assessments and management.
• With experience on conducting/leading Business Continuity and Disaster Recovery Plans.
• Preferable with a background in IT internal audit, who is knowledgeable on IT infrastructure.
  
  

• HMO (Medical insurance) 100% for Employee and 100% for first dependent;
• 15 days paid leave;
• Team-building activities
• Free coffee
• Game room
• Performance-based salary adjustments
• Employee recognition awards
• Social Awareness and Community
• Involvement Activities
  
  

Please refer to job description.