Manager II, Cybersecurity, Governance, Assurance & Data Privacy (GRC)

About Circles

Founded in 2014, Circles is a global technology company reimagining the telco industry with its innovative SaaS platform, empowering telco operators worldwide to effortlessly launch innovative digital brands or refresh existing ones, accelerating their transformation into techcos. Today, Circles partners with leading telco operators across multiple countries and continents, including KDDI Corporation, Etisalat Group (e&), AT&T, and Telkomsel, creating blueprints for future telco and digital experiences enjoyed by millions of consumers globally. Besides its SaaS business, Circles operates three other distinct businesses: Circles.Life: A wholly-owned digital lifestyle telco brand based in Singapore, Circles.Life is powered by Circles’ SaaS platform and pioneering go-to-market strategies. It is the digital market leader in Singapore and has won numerous awards for marketing, customer service, and innovative product offerings beyond connectivity. Circles Aspire: A global provider of Communications Platform-as-a-Service (CPaaS) solutions. Its cloud-based Experience Cloud platform enables enterprises, service providers and developers to deliver and scale mobile, messaging, IoT, and connectivity services worldwide. Jetpac: Specializing in travel tech solutions, Jetpac provides seamless eSIM roaming for over 200 destinations and innovative travel lifestyle products, redefining connectivity for digital travelers. Jetpac was awarded Travel eSIM of the Year. Circles is backed by renowned global investors, including Peak XV Partners (formerly Sequoia), Warburg Pincus, Founders Fund, and EDBI (the investment arm of the Singapore Economic Development Board), with a track record of backing industry challengers.

Role - Manager II, Cybersecurity, Governance, Assurance & Data Privacy (GRC)

Location - Bangalore

The Role

Reporting to the Director of Cyber Governance, Assurance & Data Protection, this newly created role to be based out of our India office in Bangalore will have people management and senior Level stakeholder engagement responsibilities. As a Senior in the subdomain vertical of Information & Cybersecurity Function, the aspiring candidate will have the following responsibilities:

• Ensure that Circles and its global offices are always maintaining robust, sustainable and adequate governance practices and compliance which spans across.
• [Governance] Develop, mature and operationalize the cybersecurity framework, policies, procedures, guidelines and baseline standards within the Group.
• [Governance] Ensure cybersecurity best practices are embedded within new initiatives, ongoing change management and evaluate the security impact of the initiatives.
• [Governance] Identify, risk assess and drive adoption of administrative, technical and procedural measures to safeguard the information assets across the Enterprise.
• [Assurance] Ensure organizational crown jewels are adequately protected in accordance with regulatory and data protection regulations such as ISO27701, PCI-DSS, Market specific Data Protection regulations including PDPA, GDPR.
• [Assurance] Drive internal Risk Assessment including 3rd Party Due Diligence (3PDD) reviews, cybersecurity assurance activities, as well as audit readiness reviews and drive timely resolution of potential gaps.
• [Assurance] Proactively support in organizational roadmap towards maintaining relevant credentials including ISO27001 compliance, DPTM, APEC CBPR and establishing SOC2 compliance report.
• [Data Protection] Develop data privacy and protection framework, enhance existing policies and work programs to align with expectation of relevant data privacy laws.
• [Data Protection] Support the day-to-day functioning of the Data Privacy Office by: Serving as a point of contact within group on issues related to data privacy & protection; Support privacy impact assessments, maintain records of processing activities; Serving as subject matter expert to stakeholders on privacy and data security matters; and Participate in investigation of data privacy incidents.
• [Data Protection] Drive cybersecurity and privacy awareness within the Group, formulating learning curriculum, rolling out training modules ensuring completion remains above agreed metrics. Devise focused training across staff who are involved in data handling and processing.
• [Data Protection] Promote a culture of Security, information protection and compliance mindset across the Group.
• [Artificial Intelligence] Drive relevant and necessary initiatives to enable the stakeholders to adopt artificial intelligence related initiatives in an ethical and responsible manner.
• [Advisory] Provide advisory services on information security, privacy and cybersecurity matters for internal stakeholders as laid out in subsequent sections.

Aspiring Candidate Will Come With

• A Degree in Information Technology, Cyber Security or comparable qualification.
• Prior people management responsibilities.
• Minimum 10+ or more years of professional experience in Audit, Assurance, Governance, Management Consulting or ability to port skills across these functional responsibilities.
• Good understanding of cybersecurity, data governance and assurance initiatives in relation to SaaS based Telco platform delivering B2B and B2C products.
• Excellent written and oral communication skills, confident in having meaningful conversation with stakeholders at multiple levels within the Group.
• Experience, knowledge in the following is a certain plus: Big 4, Tier 2 Consulting Firms, Telco industry.
• Cloud Infrastructure and Security, DevSecOps, Microservices architecture, Container security.
• Industry Standards such as ISO 27001, ISO 27701, NIST, COBIT, PCI-DSS, MTCS.
• Global, Regional data privacy regulations such as GDPR, PDPA, PDPO.
• Cherish continuous learning and demonstrate it with one or more professional certifications such as CRISC, AAISM, AAIR, CGEIT, CDPSE, CDPSE, CSX-P, CISA, CISSP, Diploma in Data Protection or equivalent.

Key Stakeholders

• Verticals/subdomains within Information & Cybersecurity
• Internal B2B and B2C Business Lines
• Product Engineering
• Sales, Revenue, Business Development
• Growth, Customer Happiness, Operations and Marketing
• Government Affairs and Public Policy
• Finance and Legal
• People & Culture

Diversity & Inclusion

Circles is committed to a diverse and inclusive workplace. We are an equal opportunity employer and do not discriminate on the basis of race, national origin, gender, disability or age.

Data Protection and Privacy Statement

By submitting an application for this position, you, as the applicant, or your authorised representative(s), consent to Circles’ Candidate Data Protection and Privacy Policy. You also agree to the collection, use, and/or disclosure of your personal data by us solely for recruitment purposes as specified in the Policy. You acknowledge that you have read and understood the Policy, are aware of your rights regarding your personal data, and accept the terms relating to international data transfers, where applicable. You further understand that you may withdraw consent at any time, which may affect our ability to consider your application. In instances where your personal data or application is submitted by a third party, it is understood that such third party has been duly authorised by you to disclose the relevant personal data and provide consent on your behalf, and that you have been made aware of this Policy.

Recruitment Agencies

To all recruitment agencies: Circles will only acknowledge resumes shared by recruitment agencies if selected in our preferred supplier partnership program. Please do not forward resumes to our jobs alias, Circles, employees or any other company location. Circles will not be held accountable for any fees related to unsolicited resumes not uploaded via our ATS.

Key skills/competency

• Cybersecurity Governance
• Data Privacy
• Risk Management
• Compliance
• Assurance
• Policy Development
• Information Security
• Audit
• Stakeholder Management
• People Management