Cyber Risk Assurance Lead

We are looking for a Cyber Risk Assurance Lead on the second line of defence to work closely with our Technology team. The Cyber Assurance Lead will help us design and manage information and cyber security risk from risk assessment and governance to business engagement and strategy. Solid Info & Cyber Security experience with HKMA is mandatory. Experience in FinTech or eCommerce is preferred.

  • Direct the design of the Bank’s second line of defence in managing information & cyber security risk, encompassing the areas of strategy, governance, business engagement, policy, risk assessment, and awareness
  • Understand regulatory requirements for information & cyber security and define control requirements to mitigate relevant risks
  • Act as primary coordinator during significant information security events. Work with 1st Line Cybersecurity to oversee incident investigations and ensure security risks are identified and managed
  • Support CISRO in coordinating firm-wide cyber security programmes such as the business continuity programme, disaster recovery operations, impact analysis and training programmes for different business streams
  • Support CISRO in representing the Bank on internal and external information & cyber security committees
  • Establish & review assessment processes for: 1) new products and services; and 2) the continuous monitoring of existing platforms and infrastructure
  • Establish & review appropriate cyber risk tolerance thresholds and follow-up actions
  • Solid experience in information & cyber security risk mandatory
  • Experience in fintech or FI or eCommerce preferred
  • Experience of ICS regulation (preferably HKMA) mandatory
  • Educational background in computer science, information security, or engineering
  • Familiarity with information and cyber security regulatory requirements and the three lines of defence risk model
  • Experience in the following areas important: information security, cyber security, and technology risk management
  • Experience in the following areas desirable: network and application security, data loss prevention, identity and access management, vulnerability management, business continuity programme and disaster recovery operation
  • Experience in Cloud Security Governance and related risk is desirable
  • Proficiency in macOS environment is desirable
  • Influencing skills and ability to manage relationships with senior management
  • Qualifications or certifications in ICS areas important: CISM, CRISC, CISA, CISSP, CGEIT