Chief Information Security Officer

Job Responsibilities

• Lead the Information Security team and provide various Information & Cybersecurity services to the bank, including:
• Implement a fit and proper Information and Cybersecurity framework for the Bank
• Provide information security advice to IT and the business on new projects and initiatives
• Continuously improve the Bank’s cyber defence capability including threat monitoring, anomalies detection, cybersecurity incident detection and response
• Lead the implementation of various cybersecurity solution to protect the bank from cyber-attacks and data leakage
• Perform application and infrastructure security assessment
• Develop and manage information security improvement program for continuous improvement of the bank’s information security controls
• Deliver information and cybersecurity awareness program for the bank
• Develop information security metrics to monitor the bank’s information security posture and translate it into meaningful insights for the senior management
• Oversight and monitor on the activities performed by the Security Operation Center
• Formulate information security requirements for 3rd party service providers and monitor their compliance with those requirements
• Manage security incident and develop response plan for various attacks and security events
• Manage the threat and vulnerability management program

Job Requirements

• Extensive knowledge on information and cybersecurity principles and best practices
• Familiar with the regulatory environment of the banking and finance industry such as HKMA Cyber Resilience Assessment Framework C-RAF
• Strong communication and interpersonal skill and be able to work with stakeholders at all levels
• Degree holder major in Computer Science or related field
• Relevant certification in information security (e.g. CISSP, CISA or CISM etc.)
• At least 12 years of experience in information & cyber security, technology risk, regulatory compliance, risk & control from the banking and finance industry with over 4 years in team leadership role
• Practical experience in conducting information security risk assessment
• Experience in performing regulatory compliance assessment & reporting on information and cybersecurity

We offer competitive package to the right candidates. Interested parties please send your resume with current and expected salary by clicking the Apply Now button.

All information provided by applicants will be treated in strict confidence and handled confidentially for recruitment purposes only. Applicants who are not contacted within 8 weeks may consider their application unsuccessful and their data will be destroyed within 12 months.