Job Description
Job Title:
Threat & Process Compliance Specialist
Job Code:
83000107
Posting Start Date:
11/3/25
Job Description:
Job Summary
The Threat and Process Compliance Lead is responsible for leading enterprise-wide IT risk assessment and mitigation efforts. This role collaborates closely with business leaders, compliance teams, and senior leadership to ensure that IT policies, procedures, and controls are aligned with business goals and regulatory requirements. The individual proactively identifies technical risks and prioritizes mitigation activities based on potential impact, while ensuring alignment with business goals.
Key Responsibilities
- The role is responsible for identifying, assessing, and managing technical risks across IT systems and services.
- It involves developing and implementing IT risk management policies in line with Swire group’s audit and compliance requirements, such as vulnerability management and access and identity management. The individual collaborates with business and IT leaders to ensure risks are understood and mitigated in alignment with the organization’s risk posture. They communicate technical risk events and mitigation strategies to senior leadership, maintain operational risk documentation, and respond to client inquiries regarding technical risk matters.
- The position leads policy development for all aspects of the technical environment and oversees the technical components of third-party oversight, including vendor onboarding and ongoing due diligence. It works with Compliance to manage third-party IT risk assessments, such as SOC 1 reviews and tabletop exercises, and to address identified weaknesses. The role ensures controls are aligned with industry-standard frameworks such as NIST and ISO 27001.
- The individual works closely with the Cybersecurity Director to review and monitor threat detection, response, and remediation controls against the current threat landscape. They lead the vulnerability management program, including scanning, prioritization, and remediation tracking. They collaborate with the Security Operations Center (SOC) to coordinate incident response and threat intelligence sharing, and standardize incident management processes, including root cause analysis and implementation of mitigating controls.
- The role also partners with the Chief Compliance Officer and risk owners to ensure technical risks are integrated into the enterprise risk management framework. It evaluates and onboards tools to support the enterprise risk program and develops and reports on key risk and performance metrics. Additionally, the individual collaborates with IT and business stakeholders to enhance firm-wide data governance, including classification, retention, and handling.
- Overseeing regular vulnerability scans across infrastructure, applications, and cloud environments using tools such as Qualys and Tenable.
- Prioritizing vulnerabilities based on risk impact, exploitability, and business context using CVSS scoring and threat intelligence.
- Reporting vulnerability metrics and trends to senior leadership and audit committees, highlighting areas of concern and progress.
- Ensuring integration of vulnerability data into broader risk management and compliance reporting frameworks.
- Coordinating with the Security Operations Center (SOC) to align vulnerability insights with threat detection and incident response activities.
Requirements
- Bachelor’s degree in Information Technology, Cybersecurity, or a related field. ITIL certification or equivalent experience preferred.
- Proven experience in IT risk management, cybersecurity, and governance.
- Strong understanding of MITRE ATT&CK or similar frameworks.
- Experience with SOC 1, SOC 2, and control-based reviews.
- Excellent written and spoken English and the local language.