APAC Information Security Manager (GRC/ governance/ compliance)
Salary HKD500,000 - HKD750,000 per annum + bonus
Consultant Fiona Fung
Date posted 30 July 20192019-07-30 2019-09-28 it Kowloon HK HKD 500000 750000 750000 YEAR Robert Walters https://www.robertwalters.com.hk https://www.robertwalters.com.hk/content/dam/robert-walters/global/images/logos/web-logos/square-logo.png
My reputable client is looking to hire a talented Information Security Manager (GRC focus) to join their multi-cultural team.
About the responsibilities:
Technology Asset Protection Management
- In charge to define/maintain regional Technology security standards, promote awareness of such standards, and support the design, the implementation and the operating effectiveness of relevant security and compliance controls within the regional Technology landscape.
- Closely share and collaborate with the different security and compliance functions such as IT , the Group Security community, the regional risk and compliance stakeholders and relevant business stakeholders.
- Oversee and coordinate with asset owners any risk and compliance assessments activities to take place around Technology services/assets in the region.
Project Security Management
- Ensure that relevant security controls are designed and implemented by Technology project teams.
- Coordinate and monitor compliance and security Technology assessment efforts with both external (local regulators, external auditors) and internal stakeholders (e.g. internal vulnerability assessments).
- Establish and maintain a trusted relationship with key business stakeholders (Group, Region and Maisons) and Technology teams (incl. Infrastructure, Enterprise Application & Digital), as well as relevant Security, Risk & Compliance stakeholders in the region and beyond.
- Support the APAC region and Maisons in achieving compliance with our Group Security Policy and external relevant compliance requirements (ICS).
- Coordinate implementation of Group Technology standards within the Region and provide visibility regarding implementation gaps identified.
- Translate security and compliance requirements into Technology security and compliance controls.
- Actively support the remediation of vulnerabilities identified by internal and/or external teams at the regional level and impacting the regional Technology landscape.
- Actively support the Cyber Resilience team at the regional level in handling of regional security incidents (e.g. user investigation/remediation, root cause analysis & reporting) when requested.
About the requirements
- Able to deliver the responsibilities as discussed above with relevant experience to offer