WHAT YOU'LL BE DOING

Key Responsibilities:

• Lead the quarterly ISMS management review and reporting on the organization's technology risks.
• Collaborate with enterprise risk management function and lead IT risk management review meetings.
• Define a strategic roadmap and plan to deliver on the IT-GRC function objectives.
• Develop and maintain IT policies, standards and frameworks aligned with industry best practices (e.g., ISO 27001, NIST, COBIT etc.)
• Develop and implement an IT compliance management and monitoring framework, overseeing the organization’s compliance efforts based on industry standards (e.g., ISO27001, PCI-DSS, SOC 2, HITRUST).
• Monitor, and report on the organization’s legal and regulatory compliance obligations, including those related to legislation (e.g., GDPR, NDPR, Cybercrime Act, NDPA).
• Develop and implement an IT risk management framework to identify, assess, manage, and mitigate risks.
• Perform general Risk Control Self-Assessment for the department covering people, process, technology, and suppliers, assigning risk severity scores and tracking mitigation plans.

WHAT QUALIFICATIONS YOU’LL NEED

Must-Have Qualifications/Experience:

• Hands-on, Individual contributor with strong communication (written and verbal) skills and the ability to work in a business partnering capacity whilst maintaining essential independence.
  
• Demonstrated track record of influencing stakeholders from different backgrounds and functions to drive risk-aware business outcomes.
  
• Demonstrated experience preparing and presenting risk reports to an executive and/or business leaders.
  
• An ability to lead strategically, with a commercial focus.
  

Preferred Background:

• 10 years experience in a Governance, Risk and Compliance role, with at least 3 years interacting with business leaders and executive leadership team.
• IT-GRC background with expert level knowledge of industry practices, IT processes, compliance frameworks and standards (e.g., COBIT, NIST, PCI-DSS, ITIL, SOC2, Hitrust, ISO 27001 etc.)
• CISA, CRISC, CGEIT, or other relevant industry security-focused certifications preferred.

WHAT WE PROVIDE

Hugo offers a hybrid work environment that balances employee flexibility with a collegial, fun office culture. We pride ourselves on offering a dynamic environment where ambitious professionals can make a measurable impact and accelerate their career. Our compensation and benefits are highly competitive.

PRIVACY STATEMENT

Any information you submit to Hugo as part of your application will be processed in accordance with Hugo’s Privacy Policy.

EQUAL OPPORTUNITY STATEMENT

Diversity, equity and inclusion are part of our DNA. Promoting and, where possible, improving diversity, equity and inclusion are a value-based and commercial necessity. We are an equal opportunity employer and welcome applications from all qualified individuals, regardless of race, sex, gender identify, sexual orientation, neurodiversity, disability, or any other legally protected status