Head of Security Governance
Coupang is one of the largest and fastest growing e-commerce platforms on the planet. Our mission is to create a world in which Customers ask, “How did I ever live without Coupang?” We are looking for passionate builders to help us get there. Powered by world-class technology and operations, we have set out to transform the end-to-end Customer experience -- from revolutionizing last-mile delivery to rethinking how Customers search and discover on a truly mobile-first platform. We have been named one of the “50 Smartest Companies in the World” by MIT Technology Review and “30 Global Game Changers” by Forbes.
Coupang is a global company with offices in Beijing, Los Angeles, Seattle, Seoul, Shanghai, and Silicon Valley.
Risk assessments are crucial in identifying potential threats and vulnerabilities to the organization’s information assets. This team is responsible for conducting both regular (e.g., annual vulnerability assessments) and ad-hoc (i.e. feasibility study on new business initiatives) risk assessments. The target of these assessments are both external (i.e., vendors) and internal. The results of a risk assessment will help guide and determine the appropriate management action and priorities for managing information security and privacy risks and for ensuring the implementation of controls to protect against these risks.
The team is responsible for the identification and prioritization of information security and privacy risks. After risks have been identified and prioritized, the team will present the risks to the relevant stakeholders for the decision to remediate, accept, transfer or avoid the risk. If the decision has been made to remediate the risk, the function is to assist by tracking and driving remediation through to resolution, providing relevant advice and conducting a post implementation review to ensure the risk has been properly remediated.
Security & Privacy Compliance, Audit & Certification assess against external standards and requirements, inclusive of those derived from law and regulations and certification frameworks (e.g., ISO).
This team must:
- Work together relentlessly with business owners, developers/engineers, testers, and across IT Infrastructure/Operations (including network, system and database architects/engineers and administers) and Security & Privacy to drive wins for the organization.
- Track and ensure resolution of identified risks.
- Drive a hypothesis driven culture, taking no assumptions for granted and always measuring.