Manager - IT Governance, Risk and Compliance

Sri Lanka


(Based at MAS Capital-Battaramulla)

MAS is Sri Lanka’s largest exporter and South Asia’s largest design-to-delivery solution provider in apparel and textile manufacturing. With a global community of 100,000, MAS today spans 14 countries, with a portfolio expanding into wearable technology, FemTech, logistics and fabric parks worldwide. Over three decades, MAS has gained global recognition for its ethical and sustainable working environment as well as its impeccable craftsmanship and product excellence.

Embark on a journey of change with MAS by joining Data and Digital Transformation as Manager IT Governance Risk and Compliance. This role involves leading the governance of technology solutions across the design, build and run phases, and establishing the related policies and procedures. It also covers overseeing technology risk assessment, mitigation and leadership approvals, as well as ensuring compliance with customer, regulatory and security management standards.

Key Accountabilities:

  • Define and implement governance frameworks across all phases (Design, Build, Run) to ensure IT services meet compliance, security, and business objectives. 
  • Develop, maintain, and enforce IT policies, procedures, and security standards that align with industry best practices and regulatory frameworks.
  • Develop and enforce risk management policies by embedding security and compliance from the initial design phase.
  • Ensure continuous compliance with international security standards (ISO 27001, NIST, GDPR and the Personal Data Protection Act) through policy updates and periodic reviews.
  • Ensure effective policy roll-out across all IT teams and external vendors to drive compliance with governance frameworks.
  • Monitor compliance adherence across the Software Development Life Cycle (SDLC) through audits and automated compliance checks in DevOps pipelines.
  • Perform continuous risk analysis using automated tools to detect security misconfigurations or non-compliance in cloud, on-prem, and hybrid IT environments.
  • Conduct continuous compliance audits on IT operations, projects, and DevOps pipelines.
  • Assist the Head of IT Security in creating and maintaining the Technology Risk Management Procedure for MAS, thereby building the roadmap for IT Risk and Compliance.
  • Lead the execution of internal and external security risk assessments, perform gap analysis, and ensure remediation in liaison with the IT and Cyber Security Services team.
  • Perform third-party vendor risk assessments and drive security improvements across partnerships.
  • Enhance resilience by implementing business continuity and disaster recovery (BCP and DRP) plans with regular testing.
  • Evaluate the adequacy and effectiveness of safeguards protecting sensitive Company information and assist the IT Governance Manager in driving information security initiatives within the IT purview, in collaboration with the IT and Cyber Security Services team.
  • Develop, conduct, and measure IT policy, procedure and standards awareness training and effectiveness across the enterprise.
  • Design data points to measure the effectiveness of procedure enforcements and prepare methodologies to collect the data.
  • Kick off designing Service Catalogue and Service Portfolios for all services provided by Technology Services to derive.
  • Integrate compliance tracking dashboards in IT service management and design platforms for real-time visibility of compliance.
  • Collaborate with IT architects to design resilient security frameworks that align with cloud-native security practices.
  • Manage and control budget related to spend for the function, on both capital and operational expense items.

Knowledge and Skills:

  • Bachelor’s or Master’s degree in Computer Engineering or Computer Science preferred
  • Professional certifications such as CISA, CISM, CISSP and CIA are highly desired
  • 8+ years’ experience in IT, with experience in several of the following areas:
    • ISO 27001:2022 audits, internal IT audit, security risk assessments, information governance, privacy, security awareness, or cybersecurity maturity assessments 
    • Experience in governing internal controls in technology governance for any large enterprise
    • Experience in governance in design, build and running of digital solutions
    • Experience in "Big Four" IT governance and risk consulting is an added advantage
    • Experience in policy and procedure adherence monitoring
    • IT Auditing, governance and risk related competencies
    • IT Risk Management aligning with industry best practices throughout a lifecycle of identification, quantification and treatment
    • Designing control awareness across the organization for different user, technical and leadership roles
  • The ability to think critically, assess and quantify technology risk, document complex processes and collaborate effectively with cross-functional stakeholders is required

Perks/benefits: Career development

Region: Asia/Pacific
Country: Sri Lanka
