Integrated Risk Management Head of Department (HOD)

About The Position

Requirements

• 15–20 years of progressive experience in Information Security and GRC.
• Proven track record managing global risk and compliance programs in complex, multinational organizations.
• Familiarity with ISO 27001, NIST CSF, SOC2 Type II or similar security and risk management frameworks.
• Experience leading audits, certifications, and regulatory assessments.
• Strong stakeholder management and communication skills, with the ability to influence across all organizational levels and business units.
• Bachelor’s degree in Information Security, Risk Management, or related field.

Nice To Haves

• Masters degree in Cybersecurity, Risk Management or Business Administration is preferred. Industry-recognized credentials such as CISSP, CISM, CRISC, CGEIT, ISO 27001 Lead Implementer/Auditor) preferred.
• Deep understanding of risk management frameworks (NIST, ISO 31000, COSO), security standards (ISO 27001, NIST CSF), and regulatory requirements (GDPR, PCI DSS, etc.) is preferred.
• Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.
• Background in cybersecurity consulting or advisory services, particularly in risk management, is a plus.

Responsibilities

• Oversee the enterprise-wide risk management lifecycle, including risk assessments, risk issue management, and risk exception management processes.
• Develop, update and maintain frameworks for identifying, assessing, mitigating, and monitoring security and operational risks.
• Ensure that risk posture and metrics are accurately reported to executive leadership, governance committees, business units and fellow heads of department.
• Lead the Information Security compliance program, ensuring alignment with regulatory and industry frameworks (e.g., ISO 27001, SOC 2, NIST, etc).
• Coordinate and manage internal and external audits, assessments, and attestations.
• Partner with Legal, Privacy, and other control functions to ensure consistent and effective control implementation and testing.
• Lead the Third-Party Risk Management (TPRM) program, utilizing a risk-based due diligence, ongoing monitoring, and remediation process.
• Collaborate with Procurement, Legal, and business stakeholders to ensure integration of vendor risk management into the enterprise risk framework.
• Oversee the maintenance and governance of information security policies, standards, and procedures.
• Ensure policies reflect best practices, regulatory expectations, and evolving threat landscapes.
• Establish governance forums for policy exceptions and periodic reviews.
• Ensure adoption of relevant policies and standards across business units.
• Direct the Information Security Training and Awareness program, promoting a strong security culture throughout the organization.
• Develop metrics and campaigns to measure awareness effectiveness and employee engagement.
• Serve as a trusted advisor to the CISO and executive management, providing insights on risk posture, compliance maturity, and control effectiveness.
• Build and lead a high-performing, GRC team across North America.
• Lead the maintenance, and continuous evolution of the GRC platform to meet enterprise and business unit needs.
• Drive continuous improvement through automation, data-driven decision-making, and integration of IRM technologies and platforms.