Company Description
At QIMA, we are on a mission to offer our clients smart solutions to make products you can trust.
Operating in over 100 countries, we serve the consumer products, food, and life sciences industries and help more than 30,000 brands, retailers, manufacturers, and growers achieve quality excellence.
We combine on-the-ground expertise with digital solutions that bring accuracy, transparency and intelligence for quality and compliance data.
What sets us apart is our unique culture. Our 5,000 Qimers live and make decisions every day by our QIMA Values. With client passion, integrity, and a commitment to make things simple, we disrupted the Testing, Inspection, and Certification industry. Are you ready to hop on this exciting ride with us and help us achieve our mission
Job Description
The Governance, Risk, and Compliance (GRC) team member will be reporting to the Head of Information Security and is responsible for supporting and enhancing the organization's efforts to ensure adherence to policies, regulatory requirements, and industry security best practices. This role involves coordinating, executing, and overseeing various tasks related to governance, risk management, and compliance to protect the organization's assets, reputation, and ensure operational effectiveness.
The GRC specialist will work together with the Security Operations Leader, Security Operations Engineer, and QIMA internal stakeholders to meet the objectives of the audit requirements, identify risks present in the group, and to assess non-conformities and non-compliance against the organization's Information Security Management System Policy and align the remediation plan with target dates against the respective owners.
The GRC specialist must have a good understanding of the different security and data privacy laws and regulations and industry security best practices with the ability to apply these standards to the QIMA environment.
Key Responsibilities
- Governance:
- Develop, implement, and maintain policies, procedures, and frameworks to support QIMA's organizational governance objectives.
- Foster a culture of security, compliance and ethical behavior within the organization.
- Conduct regular assessments and audits of governance processes to identify areas for improvement.
- Risk Management:
- Identify, assess, and prioritize risks for remediation that may impact the organization's operations and overall security posture.
- Develop risk mitigation strategies and monitor their effectiveness, until closure.
- Maintain a risk register and ensure all risks are documented, evaluated, and tracked.
- Collaborate with various departments to create and implement risk management plans.
- Compliance:
- Stay up to date with changing regulations and assess their impact on the organization.
- Work with the Data Privacy Office and Legal teams to ensure the organization complies with all relevant laws, regulations, and standards.
- Conduct regular internal reviews and identify non-conformities against QIMA's Information Security Management System Policy that needs to be addressed.
- Deploy regular security awareness to all employees and work with training team for security trainings and programs to be delivered to QIMA.
- Documentation and Reporting:
- Maintain accurate records of GRC activities, including policy documents, risk assessments, and compliance reports.
- Prepare and present reports on governance, risk, and compliance activities to senior management and the board of directors.
- Document incidents and breaches and manage remediation actions.
- Collaboration and Communication:
- Liaise with Security, IT, Compliance, Legal, HR, and other departments and stakeholders to ensure cohesive compliance and risk management efforts.
- Act as a point of contact for regulatory bodies, auditors and client security requirements.
- Provide guidance and support to all QIMA employees on GRC-related matters.
Qualifications
In order to succeed in this role, you should have:
- An understanding of Information Security principles, protocols, and frameworks and security and privacy regulatory requirements.
- A background on creating and maintaining Information Security policies and procedures.
- A strong understanding of complex IT issues, and knowledge of the latest systems and standards.
- A proactive and responsible approach to work with good communication skills.
- Ability to exercise independent judgment and creative problem-solving techniques.
Education & Experience
- Bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity, or related field of technical expertise.
- With experience on leading/participating in SOC2, ISO27001, and other security-related audits.
- With experience on performing risk assessments and management.
- With experience on conducting/leading Business Continuity and Disaster Recovery Plans.
- Preferable with a background in IT internal audit, who is knowledgeable on IT infrastructure.
