Connecting...

W1siziisimnvbxbpbgvkx3rozw1lx2fzc2v0cy9lyw1lcy1jb25zdwx0aw5nl2pwzy9pbmqty29uc3vsdgfudc1kzwzhdwx0lmpwzyjdxq

Job Overview

Information and Cybersecurity Officer

Location: Hong Kong Salary: $1.2 million HKD per year base
Type: Permanent Contact: Robyn Charter
Posted: 4 months ago

Direct the design of the Bank's second line of defence in managing information & cyber security risk, encompassing the areas of strategy, governance, business engagement, policy, risk assessment, and awareness.

  • Understand regulatory requirements for information & cyber security and define control requirements to mitigate relevant risks.
  • Act as primary coordinator during significant information security events. Work with 1st Line Cybersecurity to oversee incident investigations and ensure security risks are identified and managed.
  • Support CISO in coordinating firm-wide cyber security programme such as business continuity programme, disaster recovery operations, impact analysis and training programme for different business streams.
  • Support CISO in representing the Bank on internal and external information & cyber security committees.
  • Establish & review assessment processes for: 1) new products and services; and 2) the continuous monitoring of existing platforms and infrastructure.
  • Establish & review appropriate cyber risk tolerance threshold and follow-up action. 


Our Ideal Candidate

  • Solid industry experience in information & cyber security risk mandatory
  • Experience of ICS regulation (preferably HKMA) mandatory
  • Educational background in computer science, information security, or engineering.
  • Familiarity with information and cyber security regulatory requirements and the three lines of defence risk model
  • Experience in the following areas important: information security, cyber security, and technology risk management
  • Experience in the following areas desirable: network and application security, data loss prevention, identity and access management, vulnerability management, business continuity programme and disaster recovery operation. 
  • Experience in Cloud Security Governance and related risk (Desirable).


If you are interested in this role, please apply below or contact me for more information.