Job Context
As technology becomes a central enabler across every function of the company, the IT landscape is evolving into a strategic business partner. Within the Global Information Services (GIS) organisation—structured across Infrastructure & Shared Platforms, Business Solutions, and Strategy & Planning—security, risk, and compliance are critical to safeguarding operations and maintaining business continuity.
This role demands a visionary leader with strong business acumen and deep technical knowledge of information security and compliance. The Global Technology CoE Manager – Security, Risk & Compliance is responsible for shaping the organisation’s information security strategy, ensuring operational compliance, and embedding a culture of security across the business.
Job Objective
To define, develop, and lead the global information security, risk management, and compliance strategy for IT and OT environments. This includes safeguarding digital assets, ensuring regulatory alignment, mitigating risks, and fostering an enterprise-wide culture of security awareness and resilience.
Key Responsibilities
Cybersecurity Leadership
- Develop and maintain a security vision and roadmap aligned with the business strategy and stakeholder expectations.
- Establish a comprehensive information security and risk management program covering IT and OT environments.
- Govern security frameworks via steering committees or advisory boards and set clear governance structures.
- Monitor emerging threats and drive innovation through the adoption of next-generation security technologies.
- Oversee IT/OT business continuity and disaster recovery planning.
- Lead the creation and implementation of enterprise-wide security awareness training and communications.
- Manage the security-related budget, optimising spend in line with risk appetite and organisational priorities.
- Oversee vendor relationships and third-party security service providers, ensuring effective incident detection and response.
Risk Management
- Lead the enterprise cyber risk posture, including third-party and supply chain risk assessments.
- Guide business units and global functions through structured IT/OT risk assessments, ensuring well-informed residual risk decisions.
- Present regular security risk updates to senior leaders, risk committees, and the Board.
- Integrate security practices with enterprise architecture strategies.
- Conduct risk reviews for IT/OT projects and recommend appropriate security controls.
Compliance
- Lead the IT compliance function to meet all regulatory, commercial, and organizational requirements.
- Ensure internal IT controls align with evolving global laws, regulations, and standards (e.g., SOX, GDPR).
- Oversee audit readiness, minimize findings, and lead resolution activities.
- Collaborate with internal and external stakeholders to maintain continuous compliance and operational excellence.
Required Qualifications & Experience
- Bachelor’s or Master’s degree in Business Administration, Information Security, Computer Science, or a related field.
- Professional security certifications (preferred): CISSP, CISM, CISA, CRISC, or equivalent.
- Extensive experience in information security, IT/OT risk management, and compliance, with at least 4 years in a senior leadership capacity.
- Proven experience developing and executing security strategies, frameworks, and transformation programs in complex, fast-paced environments (beverage industry experience is a plus).
- Expertise in security standards and frameworks: ISO/IEC 27001, NIST, COBIT, ITIL.
- Strong knowledge of regulatory and legal requirements: SOX, GDPR, privacy laws, and industry best practices.
- Demonstrated ability to lead cross-functional teams and influence stakeholders at all levels.
- Excellent communication, problem-solving, and strategic thinking skills.