It Risk, Controls

**Your impact**:
We have an outstanding opportunity for an experienced IT Risk, Controls & Compliance Manager to join the team working across our Technology and our outsourced Technology teams. As the IT Risk, Controls & Compliance Manager, you will play a vital role in ensuring the safety and integrity of our technology systems and infrastructure. Your primary responsibility will be to collaborate with internal and external audit and risk teams, providing risk management expertise and driving compliance initiatives.

You will work closely with technology stakeholders, third-party service providers, and cross-functional teams to enhance our cyber posture, manage risks effectively, and maintain compliance with relevant standards and regulations. As part of your new role you will have one direct report and several matrixed reports within our third party.

**Key Responsibilities**:

- Serve as the main point of contact for technology-related matters with internal and external audit and risk teams.
- Ensure technology teams are aware of their audit and risk commitments, meeting deadlines, and fulfilling obligations.
- Oversee JSOX compliance, ensuring that third-party service providers meet their obligations.
- Manage third-party risk management for critical IT vendors.
- Maintain the Asahi security policies and standards.
- Monitor and report compliance with ASD Essential Eight controls, implementing corrective actions as needed.
- Operate the Third Party Risk process and Cloud compliance tools.
- Provide consultation and guidance to technology stakeholders on risk definition, design, and operational appropriateness.
- Maintain a risk register for technology teams and provide data to internal and external audit and risk teams.
- Collaborate with cross-functional teams to enhance the overall cybersecurity posture of the organization.
- Ensure adherence to environmental health and safety regulations and report incidents or hazards promptly.

**About you**:

- **Experience**: You have a minimum of 3 years of experience in security risk roles, coupled with at least 2 years of experience in general Information Technology. This background has equipped you with a comprehensive understanding of risk frameworks such as NIST, 27001, and CMM, as well as exposure to ASD Essential Eight guidelines. You also have hands-on experience with SAP SoD (Segregation of Duties) and GRC (Governance, Risk, and Compliance).
- **Analytical Mindset**: Your curiosity and desire to understand the details make you an excellent fit for this role. You possess a strong understanding of basic computer science principles, enabling you to assess and analyze complex security incidents effectively.
- **Technical Proficiency**: You have a solid understanding of IT operations, including help desk management, endpoint management, and server management. Familiarity with the MS Security stack is highly valued.
- **Communication Skills**: Your exceptional verbal and written communication skills allow you to effectively convey complex concepts to various stakeholders. You can provide clear and concise explanations, ensuring a shared understanding of cybersecurity risks and mitigation strategies.

**Why us?**

Asahi Beverages is one of the leading beverage companies in Australia and New Zealand with a rich and varied history. Comprising some of Australia and New Zealand's most loved brands, the company's Regional Hub is based in Melbourne with three Business Divisions - Asahi Lifestyle Beverages (formerly Schweppes Australia), Carlton & United Breweries (CUB) in Australia; and Asahi Beverages NZ and The Better Drinks Co. in New Zealand. There's always a great deal going on and opportunities abound for those ready to take them.