Open Position(s):  1

Job Description:

Centillion is looking to hire a Head – Governance, Risk & Compliance (GRC), who will be responsible for the implementation of the Information Security Governance, Risk, and Compliance function. The Head of GRC will author and publish information security policies, standards, and controls, lead enterprise-wide risk assessment activities, develop control frameworks, and implement new cybersecurity program initiatives. The Head of GRC will oversee GRC projects, develop project plans and timelines, and coordinate resources for projects.

Key Responsibility Areas:

    • Build and lead the GRC Function.
    • Centillion’s Risk Management framework – includes but is not limited to Business Continuity, Corporate Governance, Enterprise Risk, Financial, Information and Security Risks, Contractual, Operational Risk Market, and Regulatory risks & Technology risks.
    • Design and implement an overall risk management process for the organization, which includes an analysis of the financial impact on the company when risks occur.
    • Perform risk assessment: Analyzing current risks and identifying potential risks.
    • Deliver risk reporting tailored to the relevant audience. Educating the board of directors about the most significant risks to the business; ensuring business heads understand the risks that might affect their departments; ensuring individuals understand their own accountability for individual risks.
    • Conduct policy and compliance audits, which include liaising with internal and external auditors.
    • Review compliance requirements for existing and new contracts or internal business proposals.
    • Build risk awareness and ISO awareness amongst staff by providing support, education, and training within the company.
    • Regular monitoring of the processes as per the defined ISO framework and providing feedback and guidance to the operations team from time to time.
    • Risk analysis of all new proposals and existing exposure.
    • Support/challenge the due diligence undertaken on delivery partners and counterparties.
    • Coordinate day-to-day interactions between the risk team and relevant product teams.
    • Monitor and report risks within portfolios in conjunction with the portfolio management function.
    • Support the leadership teams in managing risk.
    • Engage with external parties such as delivery partners and government bodies.
    • Carry out processes such as taking insurance, and implementing health and safety measures in consultation with HR.
    • Oversee and run Risk Management & Compliance meetings with senior management and internal teams.
    • Be the MR (management representative) for the organization.


    • Bachelor’s/Master’s degree in Computer Science, IT, or equivalent.
    • 7-10 years of experience in Information Security – security governance, regulatory governance, and/or IT audit preferred; with a proven track record in building and leading strong teams.
    • Global knowledge of cloud environments and associated constraints, especially on AWS and Azure.
    • Relevant industry-standard certifications preferred (i.e., CRISA/CISA, CISM, CISSP, SANS Institute/GIAC, PCIP, Certification in Financial Risk Management).
    • A strong understanding of security frameworks, standards, and where and when to apply them.
    • Ability to integrate technical data into executive reports by being methodical and detail-driven.
    • Strong reporting skills. We’re looking for a straight shooter who is pragmatic and adaptable to a fast-paced environment.
    • Excellent strategizing and communication skills with a keen sense of the big picture.