Information Security GRC Senior Specialist

Company Intro 

We exist to wow our customers. We know we’re doing the right thing when we hear our customers say, “How did we ever live without Coupang?” Born out of an obsession to make shopping, eating, and living easier than ever, we’re collectively disrupting the multi-billion-dollar e-commerce industry from the ground up. We are one of the fastest-growing e-commerce companies that established an unparalleled reputation for being a dominant and reliable force in South Korean commerce.

We are proud to have the best of both worlds — a startup culture with the resources of a large global public company. This fuels us to continue our growth and launch new services at the speed we have been since our inception. We are all entrepreneurial surrounded by opportunities to drive new initiatives and innovations. At our core, we are bold and ambitious people that like to get our hands dirty and make a hands-on impact. At Coupang, you will see yourself, your colleagues, your team, and the company grow every day. 

Our mission to build the future of commerce is real. We push the boundaries of what’s possible to solve problems and break traditional tradeoffs. Join Coupang now to create an epic experience in this always-on, high-tech, and hyper-connected world.

Team Description:

This role is an individual contributor on the Security GRC team.  This team member will apply their information security knowledge and skillsets to assist, and may lead tasks, in support of Security GRC activities.  These activities may include coordinating updates to the information security policies, standards, or guidelines or gathering responses in support of our information security certifications.  This team member can work independently and should be able to multitask and manage competing priorities in a fast-paced environment, yet remain flexible.  He/she will have excellent interpersonal skills, work well with others, and quickly learn our business. 

Key Responsibilities: 

• Understand Korean and International Information Security & Privacy laws, regulation and policies 

• Perform risk assessments, report results, and track mitigation 

• Collaborate with key stakeholders to track, manage and reduce risk  

• Support for development and maintenance of information security policies and procedures 

• Change management, exception process operation, and management for Security policies 

• Communication with relevant departments on topics related to information security and regulatory requirements 

• Security awareness-raising and training program development, operation, management, and evaluation 

• Certification compliance requirements coordination and data gathering 

Basic Qualifications: 

• Bachelor’s Degree is required. 

• At least 3 ~ 5 years of information security experience 

• Experience in information protection and personal information protection management system (ISMS-P), ISO27001, PCI-DSS 

• Technically high-level experience and understanding of IT infrastructure, services, and cloud service 

• Experience and understanding of security system operation/management 

• Understanding and experience of risk management methodology based on ISO27001/2, NIST CSF 

• Experience with GRC tools, ticketing systems like JIRA, collaboration tools like SharePoint 

• Experience in checking and responding to government agencies such as KISA, the Ministry of Defense, the Personal Information Protection Commission, and the Financial Supervisory Authority 

• Passionate about identifying and improving information security 

• Strong and effective communication skills 

Preferred Qualifications: 

• Understanding and experience in laws and regulations such as information security or personal information protection in Korea 

• C-suite and Board Of Directors reporting experience 

• Inspection of basic compliance matters such as the Personal Information Protection Act, the Traditional Network Act, and the Electronic Financial Transaction Act 

• Security certification holders (CISA, CISSP, ISO27001, CISM, Other) 

• AWS security experience