Description

What makes this a great opportunity?

Suntory Global Spirits is Crafting the Spirits that Stir the World. Rooted in two centuries of family heritage, Suntory Global Spirits has evolved into the world's third-largest leading premium spirits company - where each consumer is treated like family and trusted with legacy. With our greatest assets - our premium spirits and our people - we are driving growth through impactful marketing, innovation, and an entrepreneurial spirit. Suntory Global Spirits is a place where you can Unleash your Spirit by making an impact each and every day.

Mission:

Suntory Global Spirits currently has the following position open - Senior Manager: Governance, Risk and Compliance. Working Hybrid (3 days in the Gurgaon office).

We are seeking a highly experienced Cyber Risk & Compliance leader to drive and evolve the organization's enterprise Governance, Risk, and Compliance (GRC) strategy. This role will operate as a senior advisor to leadership, ensuring cybersecurity risks are proactively managed, regulatory obligations are met, and security governance is embedded into business decision-making. The position requires a strategic thinker with hands-on execution capability, able to operate across global stakeholders, complex regulatory environments, and large-scale technology ecosystems.

Role Responsibilities

Strategic Risk Leadership
• Define and execute the enterprise cyber risk management strategy aligned to business objectives
• Establish risk appetite alignment and support leadership in risk-based decision making
• Maintain and evolve the enterprise cyber risk register, taxonomy, and reporting framework
• Provide regular risk posture updates and actionable insights to executive stakeholders

Governance & Framework Alignment
• Lead the design, implementation, and continuous improvement of the GRC operating model
• Ensure alignment with global standards including ISO 27001, NIST CSF, NIST 800-53, COBIT, and SOX
• Develop and maintain security policies, standards, and procedures across the organization
• Drive maturity assessments and roadmap development for cybersecurity governance

Regulatory Compliance & Assurance
• Oversee enterprise compliance programs including SOX IT controls, ITGC, and regulatory requirements
• Direct audit readiness activities and serve as primary interface for internal and external auditors
• Manage control deficiency remediation and continuous control improvement
• Monitor emerging regulatory requirements and ensure proactive compliance readiness

Third-Party & Supply Chain Risk
• Assess vendor security posture and drive risk mitigation strategies
• Partner with Procurement and Legal to embed security requirements into contracts
• Provide oversight of critical suppliers supporting business operations

Access Risk Governance
• Oversee access governance across enterprise systems, including SAP GRC controls
• Ensure robust Segregation of Duties (SoD), User Access Reviews (UAR), and privileged access management
• Advise on identity risk strategies for cloud and digital transformation initiatives

Business Resilience & Critical Asset Protection
• Ensure alignment with disaster recovery and business continuity planning
• Support resilience testing and preparedness activities

Risk Advisory & Transformation Support
• Provide cyber risk advisory for strategic initiatives, new technologies, and digital programs
• Evaluate security implications of architectural and operational changes
• Support threat prioritization and risk treatment planning

Security Culture & Awareness
• Drive enterprise-wide security awareness initiatives and behavioral change programs
• Promote accountability for risk ownership across business units
• Champion a strong security culture across the organization

Stakeholder & Leadership Engagement
• Act as a trusted advisor to senior leadership on cyber risk posture and mitigation strategies
• Collaborate with IT, Engineering, Legal, Privacy, Compliance, and business leaders globally
• Influence decisions without direct authority across a matrixed organization.

Qualifications

Desired Qualifications:

• Master's degree in information technology/Cybersecurity/Information Security, or related field
• 10+ years of progressive experience in Cyber Risk, IT Audit, Compliance, or GRC leadership roles
• Demonstrated experience building, scaling, or transforming enterprise GRC programs
• Experience with enterprise GRC platforms (e.g., KnowBe4, ServiceNow, OneTrust, LogicGate, SAP GRC)
• Deep expertise in multiple security frameworks and regulatory environments
• Proven ability to manage complex audits and executive-level reporting
• Strong strategic thinking combined with operational execution skills
• Excellent stakeholder management across technical and non-technical audiences
• Security certifications preferred (e.g., CISA, CISSP, CRISC)
• Strong analytical and technical documentation skills