Senior Manager - Cyber Risk and SAP Compliance

Suntory Global Spirits View all jobs

  • Gurgaon, Haryana
  • Permanent
  • Full-time
  • 8 days ago
What makes this a great opportunity?Suntory Global Spirits is Crafting the Spirits that Stir the World. Rooted in two centuries of family heritage, Suntory Global Spirits has evolved into the world’s third-largest leading premium spirits company — where each consumer is treated like family and trusted with legacy. With our greatest assets — our premium spirits and our people — we are driving growth through impactful marketing, innovation, and an entrepreneurial spirit. Suntory Global Spirits is a place where you can Unleash your Spirit by making an impact each and every day.Mission:Suntory Global Spirits currently has the following position open - Senior Manager: Governance, Risk and Compliance. Working Hybrid (3 days in the Gurgaon office).We are seeking a highly experienced Cyber Risk & Compliance leader to drive and evolve the organization’s enterprise Governance, Risk, and Compliance (GRC) strategy. This role will operate as a senior advisor to leadership, ensuring cybersecurity risks are proactively managed, regulatory obligations are met, and security governance is embedded into business decision-making. The position requires a strategic thinker with hands-on execution capability, able to operate across global stakeholders, complex regulatory environments, and large-scale technology ecosystems.Role ResponsibilitiesStrategic Risk Leadership
  • Define and execute the enterprise cyber risk management strategy aligned to business objectives
  • Establish risk appetite alignment and support leadership in risk-based decision making
  • Maintain and evolve the enterprise cyber risk register, taxonomy, and reporting framework
  • Provide regular risk posture updates and actionable insights to executive stakeholders
Governance & Framework Alignment
  • Lead the design, implementation, and continuous improvement of the GRC operating model
  • Ensure alignment with global standards including ISO 27001, NIST CSF, NIST 800-53, COBIT, and SOX
  • Develop and maintain security policies, standards, and procedures across the organization
  • Drive maturity assessments and roadmap development for cybersecurity governance
Regulatory Compliance & Assurance
  • Oversee enterprise compliance programs including SOX IT controls, ITGC, and regulatory requirements
  • Direct audit readiness activities and serve as primary interface for internal and external auditors
  • Manage control deficiency remediation and continuous control improvement
  • Monitor emerging regulatory requirements and ensure proactive compliance readiness
Third-Party & Supply Chain Risk
  • Assess vendor security posture and drive risk mitigation strategies
  • Partner with Procurement and Legal to embed security requirements into contracts
  • Provide oversight of critical suppliers supporting business operations
Access Risk Governance
  • Oversee access governance across enterprise systems, including SAP GRC controls
  • Ensure robust Segregation of Duties (SoD), User Access Reviews (UAR), and privileged access management
  • Advise on identity risk strategies for cloud and digital transformation initiatives
Business Resilience & Critical Asset Protection
  • Ensure alignment with disaster recovery and business continuity planning
  • Support resilience testing and preparedness activities
Risk Advisory & Transformation Support
  • Provide cyber risk advisory for strategic initiatives, new technologies, and digital programs
  • Evaluate security implications of architectural and operational changes
  • Support threat prioritization and risk treatment planning
Security Culture & Awareness
  • Drive enterprise-wide security awareness initiatives and behavioral change programs
  • Promote accountability for risk ownership across business units
  • Champion a strong security culture across the organization
Stakeholder & Leadership Engagement
  • Act as a trusted advisor to senior leadership on cyber risk posture and mitigation strategies
  • Collaborate with IT, Engineering, Legal, Privacy, Compliance, and business leaders globally
  • Influence decisions without direct authority across a matrixed organization.
QualificationsDesired Qualifications:
  • Master’s degree in information technology/Cybersecurity/Information Security, or related field
  • 10+ years of progressive experience in Cyber Risk, IT Audit, Compliance, or GRC leadership roles
  • Demonstrated experience building, scaling, or transforming enterprise GRC programs
  • Experience with enterprise GRC platforms (e.g., KnowBe4, ServiceNow, OneTrust, LogicGate, SAP GRC)
  • Deep expertise in multiple security frameworks and regulatory environments
  • Proven ability to manage complex audits and executive-level reporting
  • Strong strategic thinking combined with operational execution skills
  • Excellent stakeholder management across technical and non-technical audiences
  • Security certifications preferred (e.g., CISA, CISSP, CRISC)
  • Strong analytical and technical documentation skills

Suntory Global Spirits