Threat and Process Compliance Lead

JOB SUMMARY:
The Threat and process compliance lead is responsible for leading enterprise-wide IT risk assessment and mitigation efforts. This role collaborates closely with business leaders, compliance teams, and senior leadership to ensure that IT policies, procedures, and controls are aligned with business goals and regulatory requirements. The individual proactively identifies technical risks and prioritizes mitigation activities based on potential impact, while ensuring alignment with business goals.

KEY RESPONSIBILITIES:

· The role is responsible for identifying, assessing, and managing technical risks across IT systems and services.

· It involves developing and implementing IT risk management policies in line with Swire group’s audit and compliance requirements such as vulnerability management and access and identity management. The individual collaborates with business and IT leaders to ensure risks are understood and mitigated in alignment with the organization’s risk posture. They communicate technical risk events and mitigation strategies to senior leadership, maintain operational risk documentation, and respond to client inquiries regarding technical risk matters.

· The position leads policy development for all aspects of the technical environment and oversees technical components of third-party oversight, including vendor onboarding and ongoing diligence. It works with Compliance to manage third-party IT risk assessments and address identified weaknesses such as SOC-1 reviews and tabletop exercises. The role ensures controls are aligned with industry-standard frameworks like NIST and ISO 27001.

· The individual works closely with the Cybersecurity Director to review and monitor threat detection, response, and remediation controls with the current threat landscape. They lead the vulnerability management program, including scanning, prioritization, and remediation tracking. They collaborate with the Security Operations Center (SOC) to coordinate incident response and threat intelligence sharing and standardize incident management processes including root cause analysis and implementation of mitigating controls.

· The role also partners with the Chief Compliance Officer and risk owners to ensure technical risks are integrated into the enterprise risk management framework. It evaluates and onboards tool to support the enterprise risk program and develops and reports on key risk and performance metrics. Additionally, the individual collaborates with IT and business stakeholders to enhance firm-wide data governance including classification, retention, and handling.

· Overseeing regular vulnerability scans across infrastructure, applications, and cloud environments using tools such as Qualys, Tenable.

· Prioritizing vulnerabilities based on risk impact, exploitability, and business context using CVSS scoring and threat intelligence.

· Reporting vulnerability metrics and trends to senior leadership and audit committees, highlighting areas of concern and progress.

· Ensuring integration of vulnerability data into broader risk management and compliance reporting frameworks.

· Coordinating with the Security Operations Center (SOC) to align vulnerability insights with threat detection and incident response activities.

• Bachelor’s degree in information technology, Cybersecurity, or related field. ITIL certification or equivalent experience preferred. 
• Proven experience in IT risk management, cybersecurity, and governance.
• Strong understanding of MITRE ATT&CK or similar frameworks.
• Experience with SOC 1, SOC 2, and control-based reviews. 
• Excellent written and oral English and Local Language.
• Excellent leadership, organizational, and interpersonal skills with a proven ability to build and mentor high-performing teams.
• Risk Management Expertise: Advanced knowledge of IT risk identification, assessment, and mitigation techniques. Skilled in applying risk frameworks such as NIST RMF, ISO 31000, and COBIT to complex enterprise environments.
• Cybersecurity Acumen: Strong understanding of threat modeling, vulnerability management, and incident response. Familiarity with MITRE ATT&CK, CVSS scoring, and SOC operations.
• Governance & Compliance: Expertise in designing and enforcing IT governance structures. Deep familiarity with regulatory requirements including SOX, GDPR, and FedRamp, and experience managing audits and control reviews (SOC 1, SOC 2).
• Policy Development & Implementation: Proven ability to draft, implement, and maintain IT policies and procedures across diverse technical domains including access control, data protection, and third-party risk.
• Analytical & Reporting Skills: Ability to interpret technical risk data and translate it into actionable insights. Skilled in developing dashboards, KPIs, and executive-level reporting.
• Stakeholder Engagement: Effective communicator with the ability to influence senior leadership and cross-functional teams. Experience in presenting risk scenarios and mitigation strategies to non-technical audiences.
• Tooling & Automation: Hands-on experience with GRC platforms, vulnerability scanners (e.g., Qualys, Tenable), and risk analytics tools. Ability to evaluate and onboard new technologies to enhance risk visibility and control effectiveness.
• Incident Management & Root Cause Analysis: Capable of leading post-incident reviews, conducting root cause analysis, and implementing corrective actions to prevent recurrence.
• Ability to travel as needed to support global and regional operations.

***Please note that by submitting an application to us, you consent to our processing of personal data about you that is provided by you and otherwise lawfully collected by us (which may include sensitive data) for our company's recruitment purpose. Where you provide us personal data of others, you further undertake that we are permitted to receive and process such data for the purpose for which you provided it. You may send your queries or request for support concerning our personal data processing activities to hrvn(at)coca-cola.com.vn. To better understand our personal data processing practices, please visit swirecocacola.(com)/en/Others/Privacy-Policies.html to the full Privacy Policy of Coca-Cola Beverages Viet Nam Limited.

Swire Coca-Cola is committed to fostering an environment that values Diversity, Equality, Inclusion, and Belonging. We believe that a diverse workforce drives our goals and contributes to overall success. As an equal opportunity employer, Swire Coca-Cola hires talented individuals from any backgrounds and conditions. We strive to create a work environment that is respectful, inclusive, and free from any form of discrimination, harassment, or intimidation. If you require special assistance due to disability or any other conditions during any stage of the recruitment process, please feel free to contact us via email hrvn(at)coca-cola.com.vn at any time. We appreciate your interest in joining our team and your commitment to contributing to a diverse and inclusive workplace

• Degree: Bachelor
• Age: Unlimited
• Working time: Permanent