
Security Compliance Strategist

Grab

Legal
Jakarta, Indonesia
Posted on Wednesday, May 29, 2024

Company Description

About Grab and our workplace

Grab is Southeast Asia’s leading superapp. We are dedicated to improving the lives of millions of users across the region by providing them everyday services such as deliveries, mobility, financial services, enterprise services and others. More than that, we provide the opportunity for them to have a better life. And that aspiration starts inside Grab because we believe in a seamless blend of work and home life, making every aspect of life better for all.

Guided by The Grab Way, which spells out our mission, how we believe we can achieve it, and our operating principles—the 4Hs: Heart, Hunger, Honour and Humility—we work to create economic empowerment for the people of Southeast Asia. With our unwavering commitment to our values, we believe that we're more than a service provider; we're agents of positive change.

Job Description

As a Security Compliance Strategist, you are an individual contributor within the Cyber Security - Cyber Assurance function, responsible for assessing, monitoring, and mitigating cyber risks associated with third-party engagements across the lifecycle of the vendor.

You will work with multiple internal and external stakeholders to assess cyber security requirements for all third parties, specifically South East Asia cyber regulatory requirements and industry standards. You will play a critical role in the delivery of a wide range of initiatives, from small, quick wins to lengthy and complex risk and compliance initiatives within third-party risk management programs. The ideal candidate should have a good understanding of the fundamentals of cloud environments (e.g. Azure, AWS).

Key Responsibilities:

  • Collaborate with other Cyber Security teams within Grab, such as the Product Security and Application Security teams, to enforce and enhance our third-party security compliance framework and processes.
  • Collaborate with internal stakeholders such as the Data Protection Office (DPO), Group Compliance and Risk, Procurement, Legal, Finance, and other Information Security teams to gather needs and requirements for identifying and assessing third-party vendors.
  • Collaborate on initiatives between Cyber Assurance and the Procurement, Outsourcing Governance, and Data Privacy Office functions to harmonize security standards in third-party partnerships, aiming for improved adherence to Grab’s privacy regulatory commitments, procurement guidelines, and outsourcing criteria.
  • Document and track third-party risk assessments, remediation activities and processes.
  • Review contractual agreements to ensure alignment with company standards and risk tolerance.
  • Utilize risk management tools and frameworks to track and report on key risk indicators associated with third-party engagements.
  • Analyze assessment results to determine ongoing monitoring and remediation requirements, and monitor to ensure that information security gaps are remediated in a timely manner.
  • Provide risk-based guidance to third-party business stakeholders to ensure transparency, comprehension, and acceptance of the risks involved in doing business with each third party throughout the third-party lifecycle.
  • Incorporate lessons learned to drive continuous process enhancements and data analytics.
  • Conduct security design and architecture reviews to identify potential security flaws.

Qualifications

  • 3 - 8 years of experience in a Third Party Cyber Risk Management, Cyber Supply Chain Risk Management, Cyber Compliance or Audit role
  • Degree in Computer Science or a technology-related field
  • Professional Information Security certification such as CISSP/CISM/CISA/CRISC/ISO 27001
  • Solid knowledge of various Cyber Security frameworks (e.g. SOX 404, SOC 1/2/3, NIST 800-53, ISO 27001)
  • Solid knowledge of various information security and auditing frameworks
  • Fundamental understanding of security practices in cloud environments
  • Ability to perform system architecture review, code review, and penetration testing
  • Basic ability to code or script in at least one programming language such as Python, Java, or C++
  • Good understanding of pen-testing tools and procedures for Web/Mobile, and good knowledge of application security vulnerabilities (OWASP Top 10, SANS 20, etc.)
  • Solid knowledge of cloud technologies (e.g. AWS and Azure)
  • Solid knowledge of third-party security risk management
  • Excellent problem-solving and analytical skills
  • Excellent stakeholder management skills
  • Excellent project management skills
  • Strong influencing skills to gain support from stakeholders

Additional Information

We are committed to building an inclusive and equitable workplace that enables diverse Grabbers to grow and perform at their best. As an equal opportunity employer, we consider all candidates fairly and equally regardless of nationality, ethnicity, religion, age, gender identity, family commitments, physical and mental impairments or disabilities, and other attributes that make them unique. If you require accommodations to fully participate in the recruitment process, you are encouraged to include your request(s) when applying.

We deliver the greatest impact and ideas when we bring together diverse perspectives. It is what enables us to spread opportunities to Grabbers and our partners. It’s not a box-ticking exercise; it’s who we are.