Information Security Compliance Senior Manager / Director

As our Security Compliance Senior Manager / Director, you will be tasked with security compliance activities along with our journey. You are expected to take the initiative to assist us with several security compliance programs and certifications. You are required to address and review compliance gaps and give recommendations and support on remediation activities. You will also be trusted to provide technical advice to ensure that security compliance requirements are met throughout all business units.

Responsibilities

• Assist in our security compliance programs, including ISO27001, ISO27701, PCI-DSS, SOC2 Type 2, KISMS, and local regulations
• Participate in internal security and privacy assessments, internal and external audits, compliance certifications, and risk management
• Provide complete and accurate responses to internal and third-party enquiries on security compliance
• Perform security compliance assessment activities, including periodic technical, organizational, and third-party risk and control assessments, and managing remediation activities to completion
• Design and manage necessary control and framework required to comply with international standards and Korea local regulations
• Identify and drive process improvements for streamlining global security compliance operations
• 
  

Requirements

• At least 10 years of experience in information security, privacy, IT audit or IT risk management related roles.
• Prefer experience with one or more of the following: In-house security and privacy operations, conducting security control assessments, risk assessments or audits.
• Prefer experience with any of the following: ISO27001, ISO27701, SOC1, SOC2, PCI, KISMS, SOX, cloud technologies, and data protection regulations and requirements.
• Ability to analyze and review Korea and Global privacy and information security compliance and provide guidance.
• Holders of security-related certifications/qualifications will be an advantage: CISSP, CRISC, CISM, CISA, ISO27001 LA, CIPT, CIPP/E, or other relevant certifications

Preferred

• Proficiency in English with the ability to hold meetings with overseas counterparts.
• Experience in information security and privacy management in virtual assets, fintech, online services, platform services, or global services.
• Experience in establishing information security and privacy framework to meet Korea regulations (PIPA, ICNA, Virtual Asset User Protection Act, Credit Information Protection Act)
• Be a friendly team player with a positive attitude
• Demonstrate a strong commitment to personal learning and development
• Detail minded with an analytical mindset
• Good communication skills with an ability to explain complex technical issues to non-technical business users
• Prior experience with project management
• Interest and understanding of Blockchain and AI technologies