Head - Risk/Compliance

Key Responsibilities:

- Develop and refine IT governance frameworks aligned with ISO, regulatory standards, and best practices.

- Lead the implementation and maintenance of compliance programs (ISO 27001, SOC 2, PCI DSS, GDPR, HIPAA, etc.

- Manage enterprise-wide risk assessments, identifying and mitigating risks across people, processes, and technology.

- Oversee internal audits, third-party assessments, and the lifecycle of risk management activities.

- Define and monitor organizational risk tolerance, ensuring integration into strategic decisions.

- Lead the Business Continuity and Disaster Recovery (BC/DR) governance, aligned with ISO 22301.

- Foster a culture of accountability, compliance, and risk awareness across the organization.

- Serve as the primary point of contact for regulators, auditors, clients, and internal teams.

Qualifications:

- 10-15 years of leadership experience in risk, compliance, and audit.

- 5+ years in senior GRC roles, with experience managing cross-functional programs.

- Certifications: CISA, CRISC, CISM, ISO 27001 Lead Auditor/Implementer, DPO, etc.

- Expertise in ISO, NIST, data protection laws (GDPR, HIPAA, DPDPA), and cloud security compliance.

- Strong understanding of GRC tools

- Proven leadership, collaboration, and stakeholder management skills.

Key Performance Indicators (KPIs):

Zero major findings in audits (internal and external).

Timely closure of identified risks and non-conformities.

Improvement in organizational risk maturity and compliance scores.

High employee training completion and awareness scores.

Positive client feedback on compliance transparency and readiness