Information Security Risk & Compliance Specialist

Title: Information Security Risk & Compliance Specialist
Contract type: Permanent
Location: Hong Kong, Hong Kong
Salary/Fee: Bonus
Ref: 201811162_1542334288
Contact name: Rita Yu
Contact via e-mail:
Published: 26 days ago


Global Insurance Company - Information Security Risk & Compliance Specialist (Regional)

Great Exposure

To look after the APAC business: Singapore, Australia, Malaysia, Hong Kong, Indonesia and Japan

Your Role

  • Perform the following security assessments to a high standard using a risk-based methodology: Cloud Security assessments, Vendor assessments, Business or Application assessments, including pre- and post-implementation reviews, Regulatory assessments, such as local regulations, ISO27001, PCI, SOC2, and Themed Security reviews
  • Ensure all requirements are communicated to the business stakeholders and that APAC requirements are considered in global IT security compliance projects
  • Coordinate regional information security actions and provide regular status reports
  • Maintain the APAC Information Security gap, assessment and exception repositories; perform analysis to identify common themes and drive regional remediation activities
  • Closely liaise with Global Information Security in the Global Cyber Risk Reporting project
  • Support and advise the APAC Business Information Security Officers (BISOs) in IT security & compliance related policies and standards
  • Support the APAC BISOs in developing a Regional and IT Security dashboard to help BU Management understand IT security risk exposure
  • Update and maintain IT Security, Risk and Compliance frameworks, policies and standards for the APAC region

Your Skills And Experience

  • University degree holder with minimum 5 years of professional experience in information security or related fields
  • Qualification in CISA / CISM / CRISC and/or CISSP
  • Experience or certification in PCI ISA and/or ISO27001 is a plus
  • Big4 information security consulting or IT audit experience is an advantage
  • Sound knowledge of IT security and compliance concepts, architecture and controls
  • Good understanding of operating system platforms and security models, and of a holistic set of IT technologies and processes (databases, networking, web/application, change management, SDLC, disaster recovery, monitoring, help desk, etc.)
  • Proficiency in written and spoken English