Risk and Compliance Manager

Client Profile: A global leader in optical lens technology, building its Center of Excellence in the Philippines to drive innovation and growth.

Job Responsibilities:

• Risk Management:

• Conducts risk assessments for various departments and functions, analyzing potential business impact due to loss of digital systems.

• Identify, analyze, and evaluate digital systems and data related risks, including potential threats,vulnerabilities, and impacts on business continuity.
• Develop and implement risk mitigation strategies and controls to minimize the likelihood and impact of disruptions.
• Conduct regular risk assessments and gap analyses to identify emerging risks and recommend appropriate risk treatment measures.
• Monitor and report on risk indicators and metrics to ensure proactive risk management.

• Business Continuity Planning:

• Align recovery time and point objectives with requirements from the business and technical/financial viability for critical systems.

• Ensure system-specific recovery playbooks for critical digital systems are designed, documented, and maintained by the relevant technical teams, and capable of supporting the agreed recovery time and point objectives.
• Develop comprehensive continuity plans with the business that defines how they will continue to operate while system recovery is ongoing; reviews, revises, and expands existing plans and protocols.
• Ensure business continuity plans are developed, owned, and maintained by business stakeholders.
• Conduct regular tests, drills, and exercises to validate the effectiveness of system recovery plans and identify areas for improvement.

• Compliance and Regulatory Requirements:

• Stay up to date with relevant industry standards, best practices, and regulatory requirements related to IT risk management and business continuity.

• Ensure compliance with applicable laws, regulations, and contractual obligations.
• Conduct periodic audits and assessments to evaluate compliance.
• Implement corrective actions for compliance gaps.

• Stakeholder Engagement:

• Collaborate with internal stakeholders, including IT teams, executive management, and business units, to understand their requirements and align risk management and business continuity initiatives with organizational goals.

• Provide guidance and support to business units during the development and implementation of business continuity plans.
• Act as a subject matter expert on IT risk management and business continuity, providing training and awareness programs to enhance the organization's overall resilience.
• Develops (with support from vendor) and provides staff training on risk management/business continuity and disaster recovery.
• Support the Group IT Director, Head of Security in the definition of the strategic orientations of digital risk management at Hoya.
• Participates in the organization's business continuity planning together with HSE, Risk to align the organization's emergency management plan with established best practices.

Education/Training:

• University degree or college diploma in computer science or information security.

Experience & Skills:

• 10+ years of experience in IT Operations or Risk Governance.
• Proven track record in developing and implementing IT business continuity plans.
• Strong strategic thinking, problem-solving, and analytical skills.
• Experience identifying risks in business processes and hypothetical scenarios.
• Ability to collaborate in emergency planning and continuity initiatives.
• Deep understanding of IT risk management frameworks (ISO 27001, NIST, COBIT).
• Familiarity with regulatory and industry standards (GDPR, HIPAA, SOX, PCI DSS).
• Effective communication and interpersonal skills for collaboration across levels.
• Experience in incident response and crisis management preferred.
• Professional certifications like CBCP or CISSP are a plus.
• Skilled in policy and process creation, management, and documentation.
• Willingness to work flexible hours and travel as needed.
• Strong interpersonal skills; approachable and team-oriented.