Senior Manager, IT-Governance, Risk & Compliance at Hugo

Job Title: Senior Manager, IT-Governance, Risk & Compliance at Hugo

Date Posted: 21st August, 2025.

Expiry Date: N/A

About the Job

Hugo offers a hybrid work environment that balances employee flexibility with a collegial, fun office culture. We pride ourselves on offering a dynamic environment where ambitious professionals can make a measurable impact and accelerate their career. Our compensation and benefits are highly competitive.

Your Job Description

  • Lead the quarterly ISMS management review and reporting on the organization's technology risks.
  • Collaborate with the enterprise risk management function and lead IT risk management review meetings.
  • Define a strategic roadmap and plan to deliver on the IT-GRC function objectives.
  • Develop and maintain IT policies, standards and frameworks aligned with industry best practices (e.g., ISO 27001, NIST, COBIT).
  • Develop and implement an IT compliance management and monitoring framework, overseeing the organization’s compliance efforts based on industry standards (e.g., ISO 27001, PCI-DSS, SOC 2, HITRUST).
  • Monitor and report on the organization’s legal and regulatory compliance obligations, including those related to legislation (e.g., GDPR, NDPR, Cybercrime Act, NDPA).
  • Develop and implement an IT risk management framework to identify, assess, manage, and mitigate risks.
  • Perform general Risk Control Self-Assessment for the department covering people, process, technology, and suppliers, assigning risk severity scores and tracking mitigation plans.

The Job Requirements

  • Must-Have Qualifications/Experience:
    • Hands-on individual contributor with strong communication (written and verbal) skills and the ability to work in a business partnering capacity whilst maintaining essential independence.
    • Demonstrated track record of influencing stakeholders from different backgrounds and functions to drive risk-aware business outcomes.
    • Demonstrated experience preparing and presenting risk reports to executive and/or business leaders.
    • An ability to lead strategically, with a commercial focus.
  • Preferred Background:
    • 10 years' experience in a Governance, Risk and Compliance role, with at least 3 years interacting with business leaders and the executive leadership team.
    • IT-GRC background with expert-level knowledge of industry practices, IT processes, compliance frameworks and standards (e.g., COBIT, NIST, PCI-DSS, ITIL, SOC 2, HITRUST, ISO 27001).
    • CISA, CRISC, CGEIT, or other relevant industry security-focused certifications preferred.

Method of Application: Click on this link to get detailed information and apply