Lead, TPRM Risk and Compliance

3 months ago


Kuala Lumpur, Malaysia The Estée Lauder Companies Full time

The Estée Lauder Companies is the global leader in prestige beauty — delighting consumers with transformative products and experiences, inspiring them to express their individual beauty. We are the only company focused solely on prestige makeup, skin care, fragrance, and hair care with a diverse portfolio of 25+ brands sold in approximately 150 countries and territories. Infused throughout our organization is a passion for creativity and imagination — a desire to push the boundaries and invent the unexpected — as we continue the bold work of our founder Estée Lauder.

**Who We Are**

Do you want to be part of the team catalyzing digital innovation, harnessing the power of data, and transforming the fabric of security across the world’s most prestigious beauty, skincare, and luxury fragrance brands? Then join the information security and technology team, Enterprise Cybersecurity & Risk (ECR) at Estée Lauder Companies (ELC). The ECR team fuels cyber-defense, technology excellence, risk and compliance, and global resilience. We stay at the forefront of cyber threats to deliver fit-for-purpose tools, technologies, and processes that protect ELC’s business operations and empower secure strategic growth. If you thrive in change-rich entrepreneurial environments, then this is the team for you. From our fast-paced delivery plans to our global team expansion, this is an exciting time to join us.

**What You’ll Do**

The ECR Manager, Risk and Compliance will drive Compliance initiatives, including evaluation of IT-related risks, assessment of control effectiveness, and control owner achievement of effective control environments for continued compliance. This role necessarily deals with highly confidential and sensitive information, and the role is expected to both define appropriate handling of such information for the enterprise and to implement best handling practices.

**You will be responsible for**:

- Partner with TPRM program key stakeholders to ensure the appropriate due diligence is conducted based on global and regional compliance requirements.
- Ability to understand details of vendor’s cybersecurity program and identify where gaps exist with internal company policy requirements.
- Cybersecurity technical expertise to review vendor attestations (e.g., SOC1/SOC2, Vulnerability Scan, Penetration Testing, PCI DSS, ISO 27001, etc.) and identify potential gaps or control weaknesses.
- Familiarity with China Privacy Laws and Cybersecurity regulations such as Personal Information Protection Law (PIPL), Data Security Law (DSL), Multi-Level Protection Scheme (MLPS) 2.0, and Cybersecurity Law of China (CSL).
- Familiarity with frameworks such as NIST CSF, OWASP Top 10, ISO, ITIL and CMMI.
- Awareness of emerging cybersecurity threats including zero-day vulnerabilities, supply chain, and IoT-related risks.
- Ability to clearly articulate the potential implications of cybersecurity risks to less technical users.
- Update IT policies, standards, and Standard Operating Procedures.
- Ability to triage use cases and prioritize due diligence activities based on the vendor’s inherent risk profile.
- Produce risk assessment reports and effectively communicate and collaborate with vendors to implement remediation responses.
- Effectively collaborate with cross-functional, interdisciplinary teams, such as Procurement, Supply Chain, R&D, Legal and Privacy, to conceptualize and require contract security provisions for remediation of risk identified in vendor assessments, specific use cases, and third-party engagements.
- Able to develop effective, collaborative relationships with all levels of internal and external stakeholders.

**Qualifications**

**Who You Are**

- Practical experience in technology risk and control or IT audit, including experience in project governance/management and understanding of business processes, key IT risk/controls, organizations, markets, retail, and/or manufacturing.
- Strong communication skills, influence/negotiation skills, attention to detail, conflict management experience, analytical skills, and measurement/visualization ideas. Ability to problem-solve, think creatively, challenge the status quo, and manage ambiguity.
- Ability to communicate complicated or technical information to executives, including proven ability to work both independently and as part of a team, with stakeholders at all levels.
- Proficient in Microsoft Suite of products including Visio, Excel, Word, and PowerPoint. Proficient in English as a business language.
- Experience handling, securing, and communicating highly confidential and sensitive information.

**Job**: Information Technology
**Primary Location**: Asia Pacific-MY-14-Wilayah Persekutuan

**Job Type**: Standard
**Schedule**: Full-time
**Shift**: 1st (Day) Shift
**Job Number**: 2412174


