IT Security GRC Manager

Job Purpose

This role leads the Governance, Risk, and Compliance functions. The role ensures that security controls are well‑designed, risks are understood and managed, and the company maintains compliance with industry, customer, and regulatory requirements. This leader partners closely with IT, operations, legal, procurement, and third‑party partners to embed security into daily business processes.

Roles and Responsibilities

IT Security Governance and Policy Management

• Develop, maintain, and enforce security policies, standards,and procedures aligned with business needs and regulatory requirements.
• Establish a governance framework that integrates security intologistics operations, including forwarding systems, warehouse systems, transportation management systems, fleet technologies, IoT devices, and corporate applications.
• Lead security awareness programs tailored to both office and field personnel.

Risk Management

• Own the enterprise security risk management program, including risk identification, assessment, scoring, treatment planning, and reporting.
• Conduct regular risk assessments and maintain the risk register.
• Plan, manage and report mitigation actions.
• Define risk responses (Mitigate/Transfer/Accept) and manage treatment plans.
• Monitor Key Risk Indicators (KRIs) and analyze risk trends.
• Prepare risk heatmaps and executive risk reports.
• Support customer/regulatory assessments with risk documentation.
• Monitor emerging threats and regulatory changes affecting supply chain and logistics operations.

Compliance and Audit

• Manage compliance with frameworks such as ISO 27001, SOC 2,NIST CSF, GDPR, PDPA, CTPAT, PCI DSS (if applicable), and customer‑mandated security requirements.
• Manage internal and external audits, ensuring evidencereadiness and timely remediation of findings.
• Maintain compliance documentation repositories, controllibraries, and audit trails to ensure regulatory adherence.
• Evaluate regulatory changes and update internal policies.
• Support incident response ensuring compliance obligations.
• Coordinate evidence collection for customer/governmentassessments.

Third Party and Vendor Security

• Lead the third‑party risk management program, including duediligence, contract reviews, and ongoing monitoring.
• Evaluate security posture of logistics partners, carriers, technology vendors, and SaaS providers.
• Work with procurement and legal to embed security requirements into vendor agreements.
• Conduct third‑party security risk assessments.

Incident Preparedness and Response Governance

• Develop and maintain incident response plans, playbooks, andcommunication protocols and ensure compliance.
• Coordinate tabletop exercises with IT, operations, and executive leadership.
• Ensure post‑incident reviews translate into updated controls and governance improvements.

Control Design and Assurance

• Oversee the design, implementation, and testing of security controls across IT and operational technology environments.
• Partner with infrastructure, application, and operations teams to ensure controls are practical and effective in high availability logistics environments.
• Track control performance metrics and drive continuous improvement.

Reporting and Stakeholder Engagement

• Deliver regular reports to executive leadership on risk posture, compliance status, and key initiatives.
• Serve as the primary point of contact for customer security questionnaires and supply chain security assessments.
• Communicate complex security topics in clear, business aligned language.

Requirements

• Bachelor’s degree in information security, Computer Science or related discipline.
• Certifications preferred: CISSP, CISM, CRISC, CISA.
• 7+ years in IT Security, GRC or related roles.
• Strong understanding of security frameworks (ISO 27001, NIST CSF, SOC2).
• Knowledge of data privacy regulations (GDPR, PDPA) and cross-border logistics considerations.
• Experience managing audits, compliance programs, and risk assessments.
• Familiarity with logistics & supply chain environments.
• Ability to collaborate with cross‑functional teams and influence without authority.
• Excellent communication, documentation, and stakeholder‑management skills.

#J-18808-Ljbffr