Technology Grc Manager

Reference Code: 74843**Technology GRC Manager**:

- Richemont- Meyrin, GE, CH- PermanentRichemont owns some of the world’s leading luxury goods Maisons, with particular strengths in jewellery, fine watches and premium accessories. Each Maison represents a proud tradition of style, quality and craftsmanship and Richemont seeks to preserve the heritage and identity of each of its Maisons. At the same time, we are committed to innovation and designing new products which are in keeping with our Maisons’ values, through a process of continuous creativity.

“Digital transformation is at the forefront of our Group development. This transformation is creating new opportunities on all the areas and domains where the Group operates, while exposing the Group to new Security and Compliance challenges.

Join us if you want to play a key role in this journey by partnering with our technology functions to enable a secure innovation, while keeping our people, operations and digital assets safe and secured”

CONTEXT

The Technology Governance Risk and Compliance (“Technology GRC”) is a function within the Chief Information Officer Office (“CIOO”) domain. It is responsible for the design, implementation and oversee of the required controls to be embedded across the technology department of Richemont (“Group Technology”).

The Technology GRC department is a key function of the Group Technology department in the context of Security & Compliance activities. Following the 3 line of defence model, the Technology GRC function requires close collaboration and partnership with the 2nd and 3rd lines of defence functions.

It also plays a critical role Group Technology’s key initiatives and the oversight of programs and regulatory engagements.

HOW WILL YOU MAKE AN IMPACT?

Your key responsibilities will be the following:

- Coordinate security and compliance assessment efforts with both external and internal stakeholders with objective to achieve strengthen the posture of the Group from a security and compliance perspective.
- Assist in development of the methodology and execution of various compliance risk assessments.
- Serve as a key partner in identifying technology risks across the Group Technology organisation
- Partner with various 1st and 2nd line of defense functions (including business contacts) in completing and reporting the assessments.
- Work to compile results for management and assist in summarizing for strategic guidance.
- Report to management on regulatory developments and risks/issues identified within assigned Compliance area.
- Continuously improves internal compliance processes and methodologies relating to the Compliance Management Program and system.
- Be an ambassador of the security/privacy by design concept and promote a risk-based approach across projects and initiatives.

HOW WILL YOU EXPERIENCE SUCESS WITH US?

This role requires:

- demonstrated exposure to - and understanding of - the following IT Security Risk & Compliance concepts:

- Key-Information Security principles and reference framework(s) (e.g. NIST, SOX404, ICS,PCI-DSS, etc.)
- Key-principles derived from Data Security and Privacy regulations (e.g. EU GDPR, Chinese Cyber Security Law, South Korea PIPA, etc.)
- ITIL processes are a plus
- IT Risk Management principles and experience (e.g. FAIR methodology)
- Implementation and testing of Security controls (e.g. encryption keys management, network and data flow traffic, API management, etc. ) in at least one of the following contexts:

- Migration of a large infrastructure to a third-party vendor Cloud Hosting solution(e.g. Google, Amazon Webservices,..)
- Salesforce solution implementation (or equivalent)
- External and internal IT audits.

2. proven expertise in at least 2 of the following technical domains:

- IT GRC (in non-SAP environment)
- Compliance Assessments (e.g. SOX, ICS, ISO)
- Security Assessments and definition/coordination/implementation of remediation actions (e.g. Pen’ Tests, Application Security Review, Data Privacy & Protection review, etc.)
- Implementation and design of IT Security Controls (ITGC excluded - see above examples)

3.the following experiences and qualifications:

- Large international environment/ international teams
- Big4 experience appreciated - completed mandatorily by at least one non-consulting or non-audit role
- Industry recognised training and certification (e.g. CISA, CRISC, CISM, CISSP, ISO, ITIL etc.) is a plus

4.the following mindset:

- Hands-on, pragmatic, solution-seeker
- Good analytical and problem-solving skills to assess complex business and technical challenges.
- Excellent communication and negotiation skills to adapt your communication about cyber risks and security with a language that is appropriate to the audience at hand
- Very good documentation skills
- Fluent in English - Knowledge of an additional language is an asset

HOW DO WE KEEP YOU SMILING?
- You will be working in an international and multicultu