This role will support the delivery of the Information and Cyber Security Compliance function and will therefore include activities such as:
Regulatory Requirement Mapping
- Translate complex regulations into clear, easily understood regulatory requirements and desired outcomes.
- Map regulatory requirements across regulations against internal policies and controls.
- Establish control assurance against internal policies and controls and regulatory requirements.
- Conduct gap assessments.
- Track regulatory compliance and maintain up-to-date records of regulatory requirements and corresponding mitigating controls.
- Ensure that Information and Cyber Security policies comply with regulations; work with the Policy and Standards Team when policies need to be updated or created.
Information and Cybersecurity Compliance Program
- Assist in implementing various ICS Compliance programs and reporting.
- Assist in the implementation, alignment to, maintenance and monitoring of controls following Information Security standards and frameworks such as ISF, ISO 27001, PCI-DSS, SOC 1/2, COBIT, etc.
- Provide input and assist in shaping and improving the Information and Cyber Security Compliance framework and processes.
- Coordinate with other compliance functions – like Audit and legal (Compliance and Privacy) – to track compliance across the organization and pool expertise on vague or complex regulatory requirements.
- Work with business units to ensure controls are effective and appropriately address the relevant regulatory requirements.
- Assist in interfacing, attesting and demonstrating compliance with relevant authorities, regulators and auditors during compliance assessments and/or audits.
- Support and liaise with other ICS functions, such as client assurance, supplier risk, ICS Projects and security consultancy, for China business entities.