IT Security GRC Manager

Intellipro Group | Bukit Merah | Full-time
Location: Singapore

Department: IT Security – Governance

About the Role

Our Client is seeking an experienced IT Security GRC Manager to lead the organisation’s Governance, Risk, and Compliance (GRC) function. This role is responsible for ensuring security controls are well-designed, risks are identified and managed effectively, and compliance obligations are met across IT and operational environments.

You will work closely with IT, operations, legal, procurement, and third-party stakeholders to embed security practices into daily business processes within a logistics and supply chain environment.

Key Responsibilities

Governance & Policy Management
  • Develop, implement, and maintain information security policies, standards, and procedures aligned with regulatory and business requirements.
  • Establish governance frameworks integrating security across enterprise systems, warehouse technologies, transportation platforms, and corporate applications.
  • Lead organisation-wide security awareness initiatives for both office and operational personnel.
Risk Management
  • Manage the enterprise security risk program, including risk identification, assessment, mitigation planning, and reporting.
  • Maintain and monitor the risk register, Key Risk Indicators (KRIs), and risk heatmaps.
  • Prepare executive-level risk reports and support regulatory or customer assessments.
  • Monitor emerging threats and regulatory developments relevant to logistics and supply chain operations.
Compliance & Audit
  • Support compliance with recognised frameworks such as ISO 27001, SOC 2, NIST CSF, GDPR, PDPA, CTPAT, and PCI DSS (where applicable).
  • Coordinate internal and external audits, ensuring timely remediation of findings.
  • Maintain compliance documentation, control libraries, and audit evidence repositories.
  • Support incident response activities to ensure regulatory and contractual compliance obligations are met.
Third-Party Risk Management
  • Lead vendor security due diligence, risk assessments, and ongoing monitoring.
  • Collaborate with procurement and legal teams to incorporate security requirements into vendor agreements.
  • Assess security posture of logistics partners, carriers, and technology providers.
Incident Governance & Control Assurance
  • Develop and maintain incident response governance documentation and conduct tabletop exercises.
  • Oversee the design, testing, and monitoring of security controls across IT and operational technology environments.
  • Track control effectiveness and drive continuous improvement initiatives.
Stakeholder Engagement & Reporting
  • Deliver regular updates to senior leadership on risk posture and compliance status.
  • Respond to customer security questionnaires and supply chain security assessments.
  • Communicate technical security topics clearly to business stakeholders.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or a related discipline.
  • 5+ years of experience in IT Security, Governance, Risk, Compliance, or related roles.
  • Strong understanding of security frameworks such as ISO 27001, NIST CSF, and SOC 2.
  • Experience managing audits, compliance programs, and enterprise risk assessments.
  • Knowledge of data protection regulations (e.g., GDPR, PDPA).
  • Experience in logistics or supply chain environments is advantageous but not mandatory.
  • Professional certifications such as CISSP, CISM, CRISC, or CISA are preferred.
  • Strong analytical, communication, and stakeholder management skills.