Virtual Banking - Director, Information Security

Title: Virtual Banking - Director, Information Security
Contract type: Permanent
Location: Hong Kong, Hong Kong
Salary/Fee: Bonus
Ref: 25032019_1553480904
Contact name: Rita Yu
Contact via e-mail:
Published: 3 months ago


This role reports directly to the CISO for the new virtual bank and is accountable for ensuring and strengthening the bank's control of information & cyber security risk. The successful candidate will manage the second line control environment to protect the Bank from information & cyber security risks.

Your Responsibilities

  • Act as Central Coordinator during significant information security events. Work closely with 1st Line Cybersecurity to oversee incident investigations and ensure security risks are identified and managed.
  • Direct the design of the Bank's second line of defence in managing information & cyber security risk, encompassing the areas of strategy, governance, business engagement, policy, risk assessment, and awareness.
  • Understand regulatory requirements for information & cyber security and define control requirements to mitigate relevant risks.
  • Support the CISO in coordinating firm-wide cyber security programmes such as the business continuity programme, disaster recovery operations, impact analysis and training programmes for different business streams.
  • Support the CISO in representing the Bank on internal and external information & cyber security committees.
  • Establish & review assessment processes for:
      1) new products and services &
      2) the continuous monitoring of existing platforms and infrastructure.
  • Establish & review appropriate cyber risk tolerance threshold and follow-up action.

Your Required Skills:

  • Over 10 years' industry experience in information & cyber security risk (mandatory)
  • Experience with information & cyber security regulations (preferably HKMA) (mandatory)
  • Educational background in computer science, information security, or engineering.
  • Familiarity with information and cyber security regulatory requirements and the three lines of defence risk model
  • Experience in the following areas is important: information security, cyber security, and technology risk management
  • Experience in the following areas is desirable: network and application security, data loss prevention, identity and access management, vulnerability management, business continuity programme and disaster recovery operation.
  • Experience in Cloud Security Governance and related risk (desirable)
  • Proficiency in macOS environment (desirable)
  • Influencing skills and ability to manage relationships with senior management
  • Qualifications or certifications in ICS areas are important: CISM, CRISC, CISA, CISSP, CGEIT.

To quickly apply, please send your updated CV to this email: