Listing Description
Team Description:
Data at Coupang is a key business asset. It is of paramount importance that we process and manage data in a way that complies with information security laws and regulations and that maintains data confidentiality, availability, and integrity. The Security Governance, Risk, and Compliance team is responsible for developing/revising policies related to enterprise-wide information security, helping ensure that security policies align with business objectives, raising employees' security awareness and educating them about security, managing enterprise-wide information security risks and capability maturity, and managing information security certifications.
Role Overview:
This role is an individual contributor on the Security GRC team. This team member will apply their information security knowledge and skill set to support Security GRC activities. These activities may include coordinating updates to the information security policies, standards, or guidelines, or gathering responses in support of our information security certifications. This team member can work independently and should be able to multitask and manage competing priorities in a fast-paced environment, yet remain flexible. He/she will have excellent interpersonal skills, work well with others, and quickly learn our business.
Key Responsibilities:
Understand Korean and international information security and privacy laws, regulations, and policies
Perform risk assessments, report results, and track mitigation
Collaborate with key stakeholders to track, manage and reduce risk
Support for development and maintenance of information security policies and procedures
Change management, exception process operation, and management for Security policies
Communication with relevant departments on topics related to information security and regulatory requirements
Security awareness-raising and training program development and operation
Certification compliance requirements coordination and data gathering
Basic Qualifications:
Bachelor’s Degree is required.
At least 1 – 3 years of information security experience
Experience with information security and personal information protection management systems (e.g., ISMS-P, ISO27001)
Experience and understanding of IT infrastructure, services, and cloud service
Experience and understanding of security system operation/management
Understanding and experience of risk management methodology based on ISO27001/2, NIST CSF
Experience with GRC tools, ticketing systems like JIRA, collaboration tools like SharePoint
Experience in checking and responding to government agencies such as KISA, the Ministry of Defense, the Personal Information Protection Commission, and the Financial Supervisory Authority
Passionate about identifying and improving information security
Strong and effective communication skills
Preferred Qualifications:
Understanding of and experience with laws and regulations in Korea, such as those on information security or personal information protection
Inspection of basic compliance matters such as the Personal Information Protection Act, the Traditional Network Act, and the Electronic Financial Transaction Act
Security certification holders (CISA, CISSP, ISO27001, CISM, Other)
AWS security experience
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided