As entrepreneurs ourselves, we understand the unique challenges startups face managing their rollercoaster growth. We’ve lived it.
We know that even well-funded teams can lack the bandwidth to recruit, train, and integrate the operations staff needed to meet growing demand. And that even when the right employees are in place, many companies lack the crucial mid-management layer needed to drive employee performance and process improvements.
Hugo was created with the high-growth startup in mind. We custom build or augment existing operations teams for companies in scaling mode, leaving founders and senior management to focus on what matters most: growth.
What you’ll be doing
Over the last two years, Hugo has experienced tremendous growth. We’ve grown to a community of 1,500+ FTEs, expanded into new countries, and evolved our client base from just unregulated start-ups to publicly listed tech behemoths. To maintain this trajectory, we need to “level up” our IT infrastructure and operations, and we are looking for an experienced IT enthusiast to help build our risk and compliance capability, as we prepare for the next stage of growth.
Reporting directly to the Global Head of IT, this position leads, advises on, maintains, and reports on Hugo’s IT controls implementation, risk management, and compliance efforts. The position works closely with the Executive Leadership Team and business leaders, while leading IT gap assessment programs and risk workshops/forums.
As part of Hugo’s overarching risk management and governance framework, this role serves as a second line of defense that provides independent oversight and guidance on managing IT risks.
KEY RESPONSIBILITIES
Leadership & Development
Work with the Global Head of IT and business leaders to foster a culture of compliance across Hugo.
Provide guidance and training to employees/relevant stakeholders on compliance policies, procedures, and risk-related matters.
Advise process owners on the design and implementation of IT controls (manual and automated) into processes and systems that support the achievement of business objectives.
Lead risk assessments for all enterprise technology systems and processes, particularly those handling sensitive customer data (e.g., personally identifiable information).
Stakeholder Communication & Reporting
Manage the quarterly ISMS management review and reporting on the organization's technology risk register.
Monitor and report on the organization's technology (IT and information security) compliance obligations, including those related to legislation, licensing, and internal policies to the Global Head of IT and Chief Trust Officer (CTO).
Provide regular reports on operational IT risks and security posture to the Global Head of IT.
Where applicable, liaise with clients, auditors, and/or regulators to demonstrate conformance with applicable requirements, addressing inquiries and requests for information.
Policy Development & Enforcement
Develop, implement, and maintain IT risk and compliance policies and procedures that align with industry best practices and regulatory requirements.
Assist IT process owners in the creation and maintenance of policies, processes and procedures.
Ensure proper documentation, permission control, and communication of policies across the organization.
Monitor adherence to established policies, conducting internal reviews and audits to ensure compliance.
Work with legal, people, service delivery, and strategic operations teams to embed IT risk and compliance requirements into organizational policies and procedures.
Compliance Management
Develop and implement an IT compliance management and monitoring framework, overseeing the organization’s compliance efforts based on industry standards (e.g., ISO27001, PCI-DSS, SOC 2, HITRUST).
Monitor and report on the organization’s legal and regulatory compliance obligations, including those related to legislation (e.g., GDPR, NDPR, Cybercrime Act, NCC).
Lead initiatives to secure sensitive customer data (e.g., cardholder data, personally identifiable information) according to applicable regulations.
Maintain up-to-date knowledge of relevant regulations and best practices in IT risk and compliance, ensuring that the organization’s practices remain fit-for-purpose.
IT Risk and Governance
Define a strategic roadmap and plan to deliver on IT Risk and Compliance objectives.
Develop and implement an IT risk management framework to identify, assess, manage, and mitigate risks related to IT systems and data security.
Perform general Risk Control Self-Assessments for the IT department covering people, process, technology, and suppliers, assigning risk severity scores and tracking mitigation plans.
Provide advice and undertake regular reviews with risk owners to ensure the effectiveness (and documentation) of internal controls.
Collaborate with IT and security operations teams to design and implement appropriate controls to protect against confidentiality, integrity, and availability incidents.
What you’ll need to apply
10 years’ experience in a Risk and Compliance role, with at least 3 years interacting with business leaders and the executive leadership team.
Hands-on individual contributor with strong communication (written and verbal) skills and the ability to work in a business partnering capacity whilst maintaining essential independence.
Demonstrated track record of influencing stakeholders from different backgrounds and functions to drive risk-aware business outcomes.
Demonstrated experience preparing and presenting risk reports to an executive and/or business leaders.
IT GRC background with expert-level knowledge of industry practices, IT processes, compliance frameworks and standards (e.g., COBIT, NIST, PCI-DSS, ITIL, ISO 27001, etc.).
CISA, CRISC, CGEIT, or other relevant industry security-focused certifications preferred.
An ability to lead strategically, with a commercial focus.
What success looks like
Risk Management Effectiveness: Reduction in IT risk exposure and security incidents.
Compliance Adherence: Successful completion of audits with minimal findings.
Client Satisfaction: Positive feedback from clients on the organization’s security and compliance posture.
Policy Enforcement: High adherence to internal risk and compliance policies across the organization.