IT Security Governance, Risk, and Compliance (GRC) Engineer
Shanghai, SH, CN
Overview
Company Overview:
Crocs, Inc., a global leader in casual footwear, is known for its innovative comfort and iconic Classic Clog. Operating in over 90 countries, Crocs celebrates individuality and invites everyone to Come As You Are.
Role Summary:
As the primary GRC Engineer in China and a key support for the Asia Pacific region, you’ll guide and execute Crocs' IT Governance, Risk, and Compliance strategies. Working closely with Legal, Risk, and Internal Audit teams, you’ll ensure alignment between IT risk management and regulatory requirements.
What You'll Do
Third-Party Risk Management
- Serve as regional lead for the IT Third Party Risk Management Program.
- Maintain the GRC platform to log and analyze cybersecurity risks.
- Implement and monitor security controls and risk assessment frameworks in line with regulations and internal standards.
- Automate and track security controls, exceptions, risks, and testing; generate metrics and reports.
Policy & Procedure Management
- Develop and enforce regional cybersecurity and GRC policies to meet legal and regulatory standards.
- Collaborate with Legal, Audit, and other teams to align enterprise-wide policies.
- Define ownership and responsibilities for GRC controls, and oversee regular effectiveness assessments.
Audit & Compliance
- Lead China MLPS and support South Korea ISMS certification efforts.
- Design and implement controls to comply with APAC region regulations.
- Coordinate internal/external audits and guide remediation of findings.
- Support IT and business teams in achieving compliance goals.
Risk Management
- Manage the Cybersecurity Risk Register and contribute to enterprise risk reporting.
- Collaborate on mitigation plans or compensating controls for identified risks.
- Oversee the risk acceptance process in alignment with company policies and frameworks.
What You'll Bring to the Table
Minimum Education:
- Bachelor’s degree or equivalent experience in Information Technology or related field.
Minimum Experience:
- 4+ years of confirmed experience in cybersecurity as a practitioner with 2+ years in a GRC role, or 8+ years of IT experience with exposure to the China MLPS certification process. Experience working with other compliance-driven teams such as Legal, Audit, etc.
Knowledge, Skills & Abilities:
- Regulatory Knowledge: In-depth knowledge of relevant laws, regulations, and other applicable frameworks.
- Risk Management Skills: Ability to identify, analyze, and effectively mitigate or manage enterprise risks. Familiarity with risk management frameworks and methodologies.
- Strategic Thinking and Leadership: Strong ability to lead and manage the GRC function, develop and execute strategic plans, and guide the organization towards its GRC objectives.
- Communication and Presentation Skills: Excellent written and verbal communication skills, with the ability to present complex GRC issues and strategies clearly to various stakeholders.
- Analytical Skills: Strong ability to analyze complex data, interpret compliance requirements, and develop effective solutions.
- Negotiation and Influencing Skills: Ability to negotiate with, influence, and secure buy-in from various stakeholders, both internal and external, to achieve GRC objectives.
- IT Proficiency: Familiarity with the use of GRC technology solutions, as well as a broad understanding of information security principles and best practices.
- Continuous Learning: A commitment to keeping up to date with the latest developments in the GRC field, including evolving laws and regulations, emerging risks, and best practices in GRC management.
The Company is an Equal Opportunity Employer committed to a diverse and inclusive work environment.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability, or any other classification protected by law.
Job Category: Corporate