Job Description

Direct the design of the Bank's second line of defence in managing information & cyber security risk, encompassing the areas of strategy, governance, business engagement, policy, risk assessment, and awareness.

  • Understand regulatory requirements for information & cyber security and define control requirements to mitigate relevant risks.
  • Act as primary coordinator during significant information security events. Work with 1st Line Cybersecurity to oversee incident investigations and ensure security risks are identified and managed.
  • Support CISO in coordinating firm-wide cyber security programmes such as the business continuity programme, disaster recovery operations, impact analysis and the training programme for different business streams.
  • Support CISO in representing the Bank on internal and external information & cyber security committees.
  • Establish & review assessment processes for: 1) new products and services; and 2) the continuous monitoring of existing platforms and infrastructure.
  • Establish & review appropriate cyber risk tolerance thresholds and follow-up actions.


Our Ideal Candidate

  • Solid industry experience in information & cyber security risk mandatory
  • Experience of ICS regulation (preferably HKMA) mandatory
  • Educational background in computer science, information security, or engineering.
  • Familiarity with information and cyber security regulatory requirements and the three lines of defence risk model
  • Experience in the following areas important: information security, cyber security, and technology risk management
  • Experience in the following areas desirable: network and application security, data loss prevention, identity and access management, vulnerability management, business continuity programme and disaster recovery operations.
  • Experience in Cloud Security Governance and related risk desirable.


If you are interested in this role, please apply below or contact me for more information.