About The Role
We are seeking a highly skilled and experienced Risk & Compliance Specialist to join Lazada's growing cyber security team. In this role, you will play a key part in managing Third-Party Risk Management (TPRM) and Information Technology (IT) risk across Lazada's business operations. You will be responsible for assessing, monitoring, and mitigating risks associated with third-party vendors and internal IT systems, ensuring compliance with global standards and best practices.

This is a hands-on role that requires strong cyber security knowledge, independent judgment, excellent communication skills, and a proactive mindset. As Lazada operates in a complex, multi-market environment across Southeast Asia, this role demands a candidate with demonstrable international risk management experience and a global regulatory outlook, as well as the ability to leverage data-driven insights to identify, assess, and mitigate risks effectively.

The ideal candidate will be able to lead risk assessment projects from end to end, utilize data analytics to inform risk decisions, and collaborate effectively across cross-functional teams including procurement, legal, information security, and regional business units.

Key Responsibilities

  • Lead end-to-end Third-Party Risk Management (TPRM) processes, including risk assessments, due diligence, control evaluations, and ongoing monitoring of vendors.
  • Conduct comprehensive IT risk assessments for applications, infrastructure, and cloud environments.
  • Develop and maintain risk frameworks, policies, and procedures aligned with industry standards (e.g., ISO 27001, NIST).
  • Work closely with procurement, legal, information security, and business teams to ensure risk-aware decision-making.
  • Prepare detailed risk reports and present findings and recommendations to stakeholders and senior management.
  • Drive continuous improvement of risk tools, methodologies, and automation by leveraging data analytics and risk metrics.
  • Utilize data to proactively identify emerging risks, measure control effectiveness, and support strategic risk prioritization.
  • Stay up to date with evolving cybersecurity threats, regulatory requirements, and risk trends across international markets.
  • Apply an international risk perspective when evaluating vendor and IT risks across diverse jurisdictions and compliance regimes.

Qualifications
Job Requirements

  • Bachelor's or Master's degree in Information Security, Risk Management, Computer Science, or a related field.
  • Minimum of 5 years of professional experience in Third-Party Risk Management (TPRM) and IT Risk/Information Security.
  • Proven track record of independently leading risk assessment projects from scoping to closure.
  • Strong understanding of IT controls, data protection, and regulatory compliance (e.g., GDPR, PDPA).
  • Experience with risk assessment frameworks and audit standards (e.g., ISO 27001, SOC 2, PCI-DSS) is highly preferred.
  • Demonstrated experience in managing risks within international or cross-border environments, with familiarity with multiple regional regulations and compliance expectations.
  • Strong capability in using data analytics, risk scoring models, and risk intelligence platforms to drive risk decision-making and improve risk visibility.
  • Exceptional English proficiency (both written and spoken) – must be able to communicate confidently with global teams.
  • Self-motivated, detail-oriented, and capable of working independently in a fast-paced, dynamic environment.
  • Strong analytical, problem-solving, and interpersonal skills.