1. PURPOSE OF ROLE

Seeking an IT Compliance Expert to collaborate with relevant stakeholders on IT risk and compliance management.

2. KEY TASKS AND ACCOUNTABILITIES

• Collaborate with relevant teams to align APAC risk management strategies, Third Party Risk Management (TPRM), Software Asset Management (SAM), Business Impact Analysis (BIA), etc..

• Optimize TPRM frameworks with tiering, lifecycle management, templates, and KPIs.

• Enhance TPRM processes through cross-department collaboration and automation tools.

• Conduct third-party risk assessments, develop mitigations, and monitor critical vendors.

• Implement cybersecurity training and phishing simulations for third-party employees.

• Perform audits based on IT MICS, SOX, and internal policies, addressing compliance gaps.

• Liaise with external auditors, providing documents and audit support.

• Oversee software management, including procurement, usage, and retirement.

• Assess risks and conduct business impact analysis to critical systems, defining RTOs and RPOs for business processes.

• Manage IT compliance approvals for hardware access, third-party risks, and software licenses.

3. BUSINESS ENVIRONMENT

The role of IT Compliance Expert in APAC is embedded within IT department but collaborates extensively with various business functions. It is integral to the wider business, serving as a critical link between technology, risk management, and regulatory compliance.

Key Strategic Interactions:

• Global IT Compliance Team: The IT Compliance Expert collaborates closely with global teams to ensure consistent risk management strategies across APAC, including sharing best practices, aligning on policies and procedures, and coordinating efforts to address regional-specific compliance challenges.

• Procurement Team: The IT Compliance Expert collaborates with Procurement Team in Supplier Risk Management to ensure alignment on TPRM.

• Third Parties: The IT Compliance Expert manages relationships with third-party vendors and service providers, conducting risk assessments, developing mitigation strategies, and implementing remediation actions.

• Business Departments: This role works with various business departments to identify and assess critical systems, ensuring that IT compliance efforts are aligned with business objectives.

• External Auditors: This role maintains communication with external auditors, responding to requests, providing necessary documents, and assisting with audits.

• Software License Owners: The IT Compliance Expert collaborates with software license owners in APAC to implement software management.

4. QUALIFICATIONS, EXPERIENCE, SKILLS

• Bachelor’s degree, preferably in Information Technology, Computer Science, and /or equivalent formal training or work experience.

• Effective communication and interpersonal skills, with the ability to collaborate with global teams.

• Fluent in English.

• Experience in managing and overseeing IT compliance-related projects.

• Experience in Third Party Risk Management (TPRM), including risk assessments, mitigation strategies, and lifecycle management.

• Experience with Software Asset Management (SAM) and Business Impact Analysis (BIA).

• Familiarity with IT MICS, SOX, and other relevant compliance frameworks.

• Ability to manage multiple tasks and priorities in a fast-paced environment.

• Relevant professional certifications, such as Certified Information Systems Auditor (CISA), or ISO/IEC 27001 Lead Implementer, are a plus.



5. COMPETENCIES

• Deep understanding of IT compliance frameworks, standards, and regulations, and the ability to apply them effectively.

• Ability to lead and manage IT compliance-related projects.

• Proficiency in conducting comprehensive audits and assessments, identifying compliance gaps, and providing guidance to stakeholders.

• Expertise in identifying, assessing, and mitigating risks, including third-party, cybersecurity, and data security risks.

• Skill in introducing automation tools to enhance efficiency and accuracy.

• Ability to design and implement security awareness programs.

Equal Opportunity Employer

Budweiser China is an equal opportunity employer that is committed to workplace diversity and non-discrimination. Budweiser China strives to create an inclusive work environment that is free from discrimination and harassment and that values the differences of our employees, shareholders, and consumers. Specifically, we prohibits discrimination or harassment against any applicant, employee, vendor, contractor, customer, or client on the basis of, race, color, national origin, sex, sexual orientation, gender identity or expression, religion, age, marital status, pregnancy, disability or military/veteran status, or any other basis prohibited by law.