Qureos

Principal, IT Security & Compliance, IT

To protect IBEX infrastructure from emerging threats and help the organization achieve its business objectives. This position acts as a senior-level IS resource with a strong background in Network and Cyber Security functions. It will coordinate and help implement the IT Security Roadmap and security processes for the protection of IBEX Global assets.

Responsibilities

  • Information Security Risk Management & Assessments (Hands-On)
      • Lead and perform end-to-end IT Risk Assessments, including inherent risk identification, control design and evaluation of operating effectiveness, residual risk rating and risk treatment recommendations.
      • Assess risks across infrastructure (on-prem, cloud, hybrid), applications and systems, data security and privacy, identity and access management, change and configuration management etc.
      • Develop and maintain risk registers, risk heatmaps, and executive-level risk reporting.
      • Support internal and external audits by providing risk documentation and remediation evidence.
  • Supply Chain & Third-Party Risk Management
      • Conduct Supply Chain / Third-Party IT Risk Assessments for vendors, partners, and service providers.
      • Evaluate vendor risks related to information security, data protection and privacy, business continuity and resilience, and sub-contractor and fourth-party risks.
      • Review and assess vendor security questionnaires and independent audit reports such as SOC2, ISO 27001, PCI DSS, penetration test summaries, ISO 42001 for AI service providers etc.
      • Collaborate with Procurement, Legal, and Compliance teams to define risk-based onboarding criteria, support contract security clauses, track vendor risk remediation activities etc.
  • AI Risk Assessments & AI System Impact Assessments
      • Lead and perform AI Risk Assessments across AI/ML systems, including but not limited to model risks, data quality and bias risks, security and adversarial risks, privacy and data protection risks, ethical and responsible AI risks etc.
      • Conduct AI System Impact Assessments (AISIAs) to evaluate impact on individuals and customers, regulatory and compliance implications, business and reputational risks etc.
      • Align AI risk activities with relevant frameworks and regulations, such as ISO/IEC 42001 (AI Management Systems), the NIST AI Risk Management Framework, applicable data protection and AI regulations etc.
      • Partner with AI, Data Science, Legal, and Product teams to embed risk controls into AI system lifecycles.
  • Team Leadership & Management
      • Manage, coach, and mentor team members.
      • Review and approve risk assessment deliverables to ensure quality and consistency.
      • Allocate work, set priorities, and track progress against agreed timelines.
      • Provide performance feedback, skill development guidance, and technical direction.
      • Promote standardization of risk assessment methodologies, templates, and reporting.
  • Stakeholder Engagement & Reporting
      • Act as a trusted risk advisor to technology, business, and senior leadership stakeholders.
      • Present risk findings and recommendations to IT leadership, the risk committee, senior management etc.
      • Support the development of risk policies, standards, and procedures.
      • Drive a culture of risk awareness and accountability across the organization.

Qualifications

Education

Bachelors/Masters Degree in IT/CS/Software Eng./Telecom

Experience

8 - 12 years

Skills and Abilities

5+ years of hands-on experience in IT/Information Security Risk Management

Strong understanding of ITRM concepts, methodologies, controls and architectures. Cloud.

Hands-on experience with Third-Party/Supply Chain Risk Assessments

Knowledge of risk frameworks such as ISO 27005, NIST CSF etc.

Strong presentation and communication skills

Reporting Time

5pm to 2am (PKST)
