About the role:
Eastvantage is looking for its Compliance Director to oversee and establish compliance programs, policies and practices for the organization. You will be solely responsible for conducting timely internal audits and guaranteeing that Eastvantage complies with the Data Privacy Act, its associated regulations, and directives issued by the NPC (National Privacy Commission). Furthermore, you will also be responsible for maintaining and renewing certifications for regulations like ISO 27001:2013, PCI-DSS, GDPR and any other standards as per business requirements.
The Compliance Director at Eastvantage will be responsible for:
- Maintain and renew certifications for various regulations, including but not limited to ISO 27001:2013, PCI-DSS, GDPR, and any other applicable standards.
- Develop and oversee control systems to prevent violations of legal and internal policies.
- Set up a list of all tasks, events, documents and compliance obligations that Eastvantage must fulfil, along with their risk severity, deadlines, owners, approvers, and evidence.
- Identify vulnerabilities and revise procedures, reports, etc. periodically to avoid hidden risks or non-conformity issues.
- Conduct privacy impact assessments and ensure the continuous implementation of corrective actions.
- Promptly provide the NPC with the necessary documentation related to incident reports and data breach notifications, and find resolutions thereof.
- Prepare reports as needed for senior management and external regulatory bodies.
- Actively create and participate in information security awareness campaigns.
- Lead and guide the departments on risk assessment.
- Hold training sessions on ethics, compliance and workplace safety topics.
- Represent Eastvantage in all external agencies for data protection concerns.
- Act as a Compliance resource for process improvement projects and teams.
- Conduct internal audits and reviews.
- Create compliance strategies for new or changing legal requirements that may impact the company's operations.
- Be responsible for training, development, and performance evaluations of direct reports.
Qualifications:
- 8 years of professional experience with at least 4 years managing and building compliance strategies and audits.
- Experience working in a global organization.
- Have experience establishing Compliance procedures and structures and building a team from ground up.
- Proficient with ISO 27001:2013 and GDPR.
- Familiarity with PCI DSS, HIPAA, SOC2 and other compliance standards.
- Knowledge on applicable laws and regulations across geographies and domains, along with their updates and amendments.
- Knowledge of risk management frameworks.
- Experience with data privacy, information security and business continuity management systems.
- Aware of the latest cyber-attacks across the globe and able to create a response strategy and roadmap to neutralize them with minimal damage.
- Have a profound understanding of the concepts of continual improvement (system improvement).
- Extensive knowledge of major business processes together with the key risks and controls associated with them.
- Professional certifications such as ISO 9001, CISA, CISP or CISSM are preferred.
- Exceptional communication skills and the ability to effectively report to the top management.
- Well-organized and a self-starter.
- Must be available to work from office.