10393 - Security Strategy and Risk Management HOD

About The Position

Requirements

• Experience & Leadership: 15-20 years of progressive experience across Information Security, GRC/Risk Management, customer/vendor security management and/or strategic operations.
• Education : Bachelor's degree in Cybersecurity, Information Technology, Risk Management, Business Administration or a related discipline.
• Technical Expertise : Excellent stakeholder management, communication, and leadership skills.
• Demonstrated experience working across multi-disciplinary teams to achieve common objectives.
• Language Skills : Proficient in English for effective communication and coordination.

Nice To Haves

• Education and Certifications : Masters degree in Cybersecurity, Risk Management or Business Administration is preferred.
• Industry-recognized credentials such as PMP, PRINCE2, CISA, CISM, or CISSP are highly desirable.
• Framework Experience : Familiarity with ISO 27001, NIST CSF, SOC2 Type II or similar security and risk management frameworks is an advantage.
• Language Skills : Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.
• Client-Facing Experience : Background in cybersecurity consulting or advisory services, particularly in risk management, is a plus.

Responsibilities

• Risk Governance & GRC Operations Lead enterprise-wide risk assessment, risk issue management, and risk exception management to ensure ongoing visibility and treatment of information security and operational risks.
• Maintain and enhance risk management frameworks aligned with industry best practices (NIST, ISO, etc).
• Deliver insightful, data-driven risk reporting to senior leadership, governance bodies, and business units and fellow heads of department.
• Compliance & Audit Management Oversee the Information Security compliance and control assurance program, ensuring alignment with regulatory requirements and industry frameworks (ISO 27001, SOC 2, NIST, PCI DSS, etc.).
• Lead coordination of internal and external audits, assessments, and certification processes.
• Partner with Legal, Privacy, and other control functions to ensure controls are consistent implemented and effectively.
• Third-Party Risk Management Lead the Third-Party Risk Management (TPRM) program, utilizing a risk-based due diligence, ongoing monitoring, and remediation process.
• Collaborate with Procurement, Legal, and business stakeholders to ensure integration of vendor risk management into the enterprise risk framework.
• Policy, Standards & Governance Oversee creation, governance, maintenance, and communication of Information Security policies, standards, and procedures.
• Manage policy exceptions, ensuring risk-aware and consistent decision-making aligned with regulatory and corporate expectations.
• Information Security Training & Awareness Direct the Information Security Training and Awareness program, promoting a strong security culture throughout the organization.
• Develop metrics and campaigns to measure awareness effectiveness and employee engagement.
• Security Strategy Development & Execution Partner with the CISO to define and maintain the Information Security strategic roadmap, ensuring alignment with business goals, customer expectations, and risk priorities.
• Drive annual and multi-year planning, capability development, and maturity improvement initiatives.
• Translate strategy into clear programs, timelines, milestones, and measurable outcomes.
• Budget & Financial Management Lead budget planning, forecasting, tracking, and optimization for the full Information Security organization.
• Ensure financial transparency and cost-efficiency across tools, services, staffing, and initiatives.
• Resource Planning & Workforce Strategy Oversee resource and capacity planning across global security teams, ensuring proper allocation of FTEs, contractors, and service providers.
• Partner with HR and Talent teams to shape hiring strategies, workforce development, and organizational design.
• KPI, Metrics & Service Delivery Monitoring Develop and maintain dashboards and reporting structures for Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), and OKRs across the Information Security program.
• Ensure accurate Customer Business Unit (CBU) service delivery monitoring, SLA performance, and operational effectiveness assessments.
• Provide executive-level reporting that enables informed decision-making and continuous improvement.
• Leadership & Stakeholder Engagement Build, lead, and mentor a team across IRM, strategy, and planning functions.
• Act as a trusted advisor to other senior leaders on risk posture, compliance maturity, strategic performance, and organizational priorities.
• Foster strong business partnerships, ensuring transparency, collaboration, and shared accountability for risk and security outcomes.