杭州·余杭区
职位详情
About the Role:
We are looking for a highly capable and experienced Risk & Compliance Specialist to join Lazada’s expanding cyber security function. In this position, you will take a central role in overseeing Third-Party Risk Management (TPRM) and Information Technology (IT) risk throughout Lazada’s operational landscape. Your responsibilities will include evaluating, tracking, and reducing risks tied to external vendors and internal IT systems, ensuring alignment with international standards and industry best practices.
This is a hands-on position requiring solid expertise in cyber security, sound independent judgment, strong communication abilities, and a forward-thinking approach. Given Lazada’s presence across multiple Southeast Asian markets, the ideal candidate must possess proven experience in global risk management, a broad understanding of international regulations, and the capacity to use data-driven insights to detect, analyze, and address risks effectively.
The successful individual will manage full-cycle risk assessment initiatives, apply data analytics to guide risk strategies, and work collaboratively with cross-functional groups such as procurement, legal, information security, and regional business units.
Key Responsibilities:
● Manage complete Third-Party Risk Management (TPRM) workflows, including risk evaluations, due diligence reviews, control assessments, and continuous vendor monitoring.
● Perform thorough IT risk analyses across applications, infrastructure, and cloud platforms.
● Design and maintain risk frameworks, policies, and procedures that align with recognized standards (e.g., ISO 27001, NIST).
● Partner closely with procurement, legal, information security, and business units to support informed, risk-based decisions.
● Generate comprehensive risk reports and communicate findings and action plans to stakeholders and leadership.
● Advance risk tools, methods, and automation through the use of data analytics and measurable risk indicators.
● Leverage data to anticipate emerging threats, evaluate control performance, and assist in strategic risk prioritization.
● Keep current on evolving cyber threats, compliance requirements, and risk developments across global markets.
● Apply a cross-border risk perspective when assessing vendor and IT risks across various jurisdictions and regulatory environments.
Qualifications:
● Bachelor’s or Master’s degree in Information Security, Risk Management, Computer Science, or a related discipline.
● At least 5 years of professional experience in Third-Party Risk Management (TPRM) and IT Risk/Information Security.
● Demonstrated ability to independently lead risk assessment projects from initiation to completion.
● Solid knowledge of IT controls, data privacy principles, and compliance regulations (e.g., GDPR, PDPA).
● Prior experience with risk frameworks and audit standards (e.g., ISO 27001, SOC 2, PCI-DSS) is strongly preferred.
● Proven background in managing risks in international or multi-jurisdictional settings, with awareness of diverse regional rules and compliance demands.
● Proficient in applying data analytics, risk scoring models, and risk intelligence tools to enhance decision-making and risk transparency.
● High level of English proficiency (written and spoken) – must be able to engage confidently with global teams.
● Self-driven, detail-focused, and able to operate independently in a fast-moving, dynamic setting.
● Strong analytical thinking, problem-solving capabilities, and interpersonal communication skills.
We are looking for a highly capable and experienced Risk & Compliance Specialist to join Lazada’s expanding cyber security function. In this position, you will take a central role in overseeing Third-Party Risk Management (TPRM) and Information Technology (IT) risk throughout Lazada’s operational landscape. Your responsibilities will include evaluating, tracking, and reducing risks tied to external vendors and internal IT systems, ensuring alignment with international standards and industry best practices.
This is a hands-on position requiring solid expertise in cyber security, sound independent judgment, strong communication abilities, and a forward-thinking approach. Given Lazada’s presence across multiple Southeast Asian markets, the ideal candidate must possess proven experience in global risk management, a broad understanding of international regulations, and the capacity to use data-driven insights to detect, analyze, and address risks effectively.
The successful individual will manage full-cycle risk assessment initiatives, apply data analytics to guide risk strategies, and work collaboratively with cross-functional groups such as procurement, legal, information security, and regional business units.
Key Responsibilities:
● Manage complete Third-Party Risk Management (TPRM) workflows, including risk evaluations, due diligence reviews, control assessments, and continuous vendor monitoring.
● Perform thorough IT risk analyses across applications, infrastructure, and cloud platforms.
● Design and maintain risk frameworks, policies, and procedures that align with recognized standards (e.g., ISO 27001, NIST).
● Partner closely with procurement, legal, information security, and business units to support informed, risk-based decisions.
● Generate comprehensive risk reports and communicate findings and action plans to stakeholders and leadership.
● Advance risk tools, methods, and automation through the use of data analytics and measurable risk indicators.
● Leverage data to anticipate emerging threats, evaluate control performance, and assist in strategic risk prioritization.
● Keep current on evolving cyber threats, compliance requirements, and risk developments across global markets.
● Apply a cross-border risk perspective when assessing vendor and IT risks across various jurisdictions and regulatory environments.
Qualifications:
● Bachelor’s or Master’s degree in Information Security, Risk Management, Computer Science, or a related discipline.
● At least 5 years of professional experience in Third-Party Risk Management (TPRM) and IT Risk/Information Security.
● Demonstrated ability to independently lead risk assessment projects from initiation to completion.
● Solid knowledge of IT controls, data privacy principles, and compliance regulations (e.g., GDPR, PDPA).
● Prior experience with risk frameworks and audit standards (e.g., ISO 27001, SOC 2, PCI-DSS) is strongly preferred.
● Proven background in managing risks in international or multi-jurisdictional settings, with awareness of diverse regional rules and compliance demands.
● Proficient in applying data analytics, risk scoring models, and risk intelligence tools to enhance decision-making and risk transparency.
● High level of English proficiency (written and spoken) – must be able to engage confidently with global teams.
● Self-driven, detail-focused, and able to operate independently in a fast-moving, dynamic setting.
● Strong analytical thinking, problem-solving capabilities, and interpersonal communication skills.
2026-06-06 12:52
IP属地:浙江杭州
职位福利
本科5-10年
深圳市来赞达软件科技有限公司
未融资 · 1000-9999人
鱼泡安全保障
如遇到办证收费、刷单、传销、诱导买车等违规行为,请立即向鱼泡直聘投诉举报投诉举报 >
附近适合您的职位
风险与合规专员
2-2.5万元/月
网络安全3-5年本科CISSP/CISP安全审计计算机/信息安全相关专业数据安全管理经验熟悉ISO27001标准GRCCISAIT审计经验英语,风险管理供应商安全CISM
杭州 余杭区
数据安全工程师
3-6万元/月
网络安全3-5年本科PMPCISSP/CISP安全体系架构和研发数据安全管理经验熟悉ISO27001标准SDL经验PythonCISM
杭州 余杭区
收藏职位
