This role reports directly to the CISO for the new virtual bank and is accountable for ensuring and strengthening the Bank's controls over information & cyber security risk. The successful candidate will manage the second line control environment to protect the Bank from information & cyber security risks.
- Act as Central Coordinator during significant information security events. Work closely with 1st Line Cybersecurity to oversee incident investigations and ensure security risks are identified and managed.
- Direct the design of the Bank's second line of defence in managing information & cyber security risk, encompassing the areas of strategy, governance, business engagement, policy, risk assessment, and awareness.
- Understand regulatory requirements for information & cyber security and define control requirements to mitigate relevant risks.
- Support the CISO in coordinating firm-wide cyber security programmes such as the business continuity programme, disaster recovery operations, impact analysis and the training programme for different business streams.
- Support the CISO in representing the Bank on internal and external information & cyber security committees.
- Establish & review assessment processes for:
1) new products and services &
2) the continuous monitoring of existing platforms and infrastructure.
- Establish & review appropriate cyber risk tolerance threshold and follow-up action.
Your Required Skills:
- Over 10 years' industry experience in information & cyber security risk (mandatory)
- Experience with information & cyber security regulations, preferably HKMA (mandatory)
- Educational background in computer science, information security, or engineering.
- Familiarity with information and cyber security regulatory requirements and the three lines of defence risk model
- Experience in the following areas is important: information security, cyber security, and technology risk management
- Experience in the following areas is desirable: network and application security, data loss prevention, identity and access management, vulnerability management, business continuity programme and disaster recovery operation.
- Experience in Cloud Security Governance and related risk (Desirable).
- Proficiency in macOS environment (Desirable)
- Influencing skills and ability to manage relationships with senior management
- Qualifications or certifications in ICS areas are important: CISM, CRISC, CISA, CISSP, CGEIT.
To quickly apply, please send your updated CV to this email: firstname.lastname@example.org