Job Description

The position sits directly under the Security Head and is initially a contract role, focusing on maintaining and enhancing security standards across systems, teams, and with regulatory bodies. This is an opportunity to build upon your existing IT Security 2nd and 3rd line of defense knowledge while gaining further in-house FS exposure in security standards, regulatory bodies, third-party projects, and internal security assessments for the highly regulated Financial Services industry.

Responsibilities:
- Conduct cybersecurity risk assessments to ensure IT operations and projects comply with regulatory requirements and cybersecurity standards
- Provide guidance and recommendations to address control deficiencies identified through investigations
- Work with internal and external auditors, regulatory bodies, and third parties
- Continuously monitor the effectiveness of controls for identified risks and ensure completion of action plans to address control weaknesses
- Prepare management reports, providing personal expertise and independent perspectives on strategic risk and significant risks and losses
- Maintain and update relevant IT governance policies and procedures
- Take charge of the security training awareness program within the organization

Requirements:
- Degree holder in Information Technology, IT Security, or certified ISO27001, CISA, CISSP, CISM etc.
- 2+ years of relevant experience in 2nd and/or 3rd line of defense for information security, technology risk, or IT audit
- Good communication skills in both written and spoken English and Chinese

Great to have:
- Strong knowledge of IT/security risk management, controls, and processes
- Sound knowledge of Information Security, System Resiliency & Availability, Software development practices, Application Security and frameworks
- Preferably familiar with SFC, MPFA regulatory compliance
- Preferably familiar with ISO27001, C-RAF, NIST, PDPO, GDPR etc.