Chief Info Security Risk Officer

We are looking for a CISRO to be accountable for ensuring and strengthening the bank’s control for information & cyber security, and technology. The CISRO will manage the control environment to protect the Bank from information & cyber security and technology risks and be the change agent to continuously manage and improve the information & cyber security and technology framework for the bank. Experience in both technology risk and information & cyber security risk is required.

Responsibilities

Information & Cyber Security

  • Lead and direct the design of the Bank’s second line of defence in managing information & cyber security risk, encompassing the areas of strategy, governance, business engagement, policy, risk assessment, and awareness
  • Understand regulatory requirements for information & cyber security and define control requirements to mitigate relevant risks
  • Represent the Bank on internal and external information & cyber security committees
  • Establish assessment processes for:

    • new products and services; and
    • continuous monitoring of existing platforms and infrastructure

Technology Risk

  • As a specialist in Technology Risk & Controls, build a firm foundation of risk & control within a fast-paced technology banking environment
  • Uphold the integrity of technology risk within the Bank’s risk appetite
  • During the build of the virtual bank, provide a focal point of control for the bank’s technology risk, including the design and monitoring of effective controls
  • Understand regulatory requirements for technology risk and define control requirements to mitigate relevant risks
  • Ensure the risks of processing failure are actively managed and monitored
  • Design and implement healthy 1st line risk & controls for technology
  • Understand and overcome the nuances in the governance of an agile bank compared to a traditional bank

Requirements

  • Aggregate industry experience in both technology risk and information & cyber security risk
  • Experience of technology regulations, preferably HKMA
  • Educational background in computer science or information security
  • Familiarity with the regulatory requirements of a digital or virtual bank and the three lines of defence risk model
  • Experience in the following areas is important: information security, cyber security, technology risk management, privacy, and cloud technology
  • Experience in the following areas is desirable: cloud security, network and application security, data loss prevention, identity and access management, vulnerability management, and data encryption
  • Influencing skills and ability to manage relationships with senior management
