AVP, IT Security Governance
Job Purpose:
- Strengthen the 1st line of defense for the IT department related to cybersecurity maturity, improve oversight of cyber/technology risk, and support the rapid Fintech development and transformation initiatives.
- Build and reinforce IT governance and compliance monitoring, segregated from IT operations and implementation, to liaise on technology standards and compatibility with new technology.
- Support compliance monitoring in order to minimize potential risk, regulatory issues and other audit issues, in line with the expectations of the Bank and the regulators.
- Drive and manage IT and cybersecurity improvement and remediation programs (C-RAF and iCAST) according to regulatory and audit requirements and major risks identified.
Responsibilities:
Governance
- Assist in strengthening the 1st line of defense to improve oversight of cyber/technology risk and support the rapid Fintech development and transformation initiatives.
- Maintain and uphold the risk governance and management framework.
- Assist in developing and maintaining the Information Security Policy and Cyber Security Strategy, and the associated standards and guidance pertaining to regulatory requirements and industry standards.
- Organize and facilitate remediation actions to align with HKMA's C-RAF 2.0 and iCAST requirements, including but not limited to conducting maturity assessments, adopting the intelligence sharing platform, and professional development.
- Ensure IT practices and controls are adequately developed to address information leakage risk.
- Assist in organizing bank-wide awareness education programs and necessary training to promote the security culture of the Bank.
- Coordinate and respond to audit issues in relation to cybersecurity to satisfy compliance requirements.
- Assist with KRI reporting and review indicators when requested; provide materials for committee meetings.
Risk
- Perform risk assessments to ensure oversight of cyber/technology risk across the domains of IT infrastructure and security expertise.
- Evaluate technology deviations and liaise with IT teams on the implementation process.
- Liaise with external 3rd parties to conduct independent assessments.
Compliance
- Perform gap analysis on regulatory requirements, including HKMA and MAS TRM associated guidance.
- Provide input for inspections and examinations by the regulators and by internal and external audits; handle information requests and follow up on IT-related recommendations.
- Ad-hoc tasks or projects assigned by management related to IT Security Governance.
Requirements:
- Degree holder in Information Technology, Information System or related discipline.
- Minimum 5 years' experience in IT and/or Information Security/Technology Risk Management.
- Solid experience in TRM or Audit or Information Security Management.
- Knowledgeable in risk management practices in IT Infrastructure, IT Application, and IT Service Management.
- Good at issue reporting/presentation and stakeholder management.
- Familiar with industry compliance requirements such as PCI-DSS and SWIFT CSP.
- Good understanding of industry best practices e.g. ISO27001, COBIT etc.
- Good understanding of regulatory requirements such as HKMA (C-RAF 2.0, iCAST, TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, CBRC, FFIEC, etc. Knowledge of overseas banking regulatory requirements, particularly in Singapore, China, Macau and the US, is an advantage.
- Experience in a Big 4 firm or a financial institution will be an advantage.
- Obtained Core / Professional level qualification as a Relevant Practitioner under the HKMA ECF on Cybersecurity.
- Certification in CISSP, CISA, CISM or another recognized certificate is a must.
- ITIL/PMP certification is preferred.
- CEH, GIAC or CCNP certification would be an added advantage.
