GRC Manager

Posted 17 June 2025
Salary HK$70,000 - HK$95,000 per month + medical coverage
Location Hong Kong
Job type Contract
Discipline Cyber Security
Reference PR/006305_1750244366

Job description

Governance, Risk & Compliance (GRC) Manager / Senior Specialist - Cybersecurity

About the Role
Join our cybersecurity team as the lead for our Governance, Risk, and Compliance (GRC) strategy. We are looking for an experienced GRC professional to establish robust frameworks, proactively manage cyber risk, and ensure adherence to the regulatory and industry standards that apply to the business. The role has significant impact on safeguarding the organization and involves partnering with stakeholders across the business.

Key Responsibilities
Strategic GRC Leadership:

  • Develop, implement, and maintain the enterprise cybersecurity GRC framework, including policies, standards, and procedures aligned with regulations and best practices.

  • Lead compliance initiatives for major frameworks (PCI DSS, ISO 27001, NIST CSF, GDPR) and other relevant standards (CMMC, NERC CIP) where they apply to the business.

  • Monitor and report on GRC program effectiveness using Key Risk Indicators (KRIs) and compliance metrics for executive leadership.

Risk Management Excellence:

  • Conduct comprehensive risk assessments and gap analyses to identify, prioritize, and track cybersecurity risks.

  • Partner with business units and IT teams to develop actionable risk mitigation strategies and remediation plans.

  • Provide expert guidance on compliance obligations and risk management practices to stakeholders.

Audit & Assurance:

  • Coordinate internal/external audits and assessments, managing responses and corrective actions.

  • Prepare and present clear compliance reports for regulators, auditors, and senior management.

Qualifications & Experience
Essential:

  • Bachelor's degree in Cybersecurity, Risk Management, IT, or related field.

  • Minimum 10 years' experience in technology/risk management, including 5+ years in dedicated GRC or security compliance roles.

  • Proven expertise implementing and managing major compliance frameworks (PCI DSS, ISO 27001, NIST, GDPR).

  • Strong project management, analytical, and cross-functional collaboration skills.

  • Self-motivated with ability to drive initiatives independently.

  • Professional fluency in English and Chinese (written and spoken).

Highly Desirable:

  • Industry certifications: CISSP, CRISC, CISA, CISM, or equivalent.

  • Hands-on experience with GRC technology platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC).