VP/AVP - Information Security Risk Management

Main Responsibilities

• Implement systems security polices, perform IT security administration, control, review, and support regular security profile review
• Manage the technology risk management processes to identify emerging or existing technology-related risks including but not limited to measure the impact, likelihood and direction of technology-related risks, regularly monitor any technology-related issues or incidents and control the risks through preventive, compensating and contingency measures
• Establish and enforces standard of process related to Technology Risk Management
• Manage the IT security function to ensure strict adherence to the corporate security control requirements, establishes corporate security policies / standards / baselines and departmental procedures, oversee security administration and control, and conducts regular security profile review
• Manage and monitor project progress to ensure consistency and uniformity from Information Security Risk perspective
• Manage cyber security risk and perform investigation of any technology-related frauds and incidents
• Support internal / external / regulatory audit review and conduct service provider review
• Ensure awareness of and compliance with IT control policies, corporate standards and regulatory requirements
• Review security matrix e.g. toxic combination and configuration review
• On-call standby support is required during non-office hours

Requirements

• Degree holder in Information Technology or related discipline
• Minimum 5 years of relevant experience in Technology Risk or Information Security Risk domain, preferably gained from banking / finance industry
• Experience in technology risk management and IT compliance is an advantage
• Strong understanding of Information Technology Risk Management
• Sound knowledge of database, operating systems and information security practices
• Customer-oriented, good communication and interpersonal skills
• Holder of ECF-C recognized certification at professional level is required
• Able to work under pressure and willing to work overtime
• Strong problem-solving skill and analytical mind set
• Good command of written and spoken English and Mandarin

Applicants who are not contacted within 8 weeks may consider their applications unsuccessful and their personal data will be retained by the bank for a period up to two years.

All information provided by applicants will be used for recruitment purposes only and will be used strictly in accordance with the bank’s personal data policies, a copy of which will be provided upon request.