(Senior) IT Security Governance Specialist
Hong Kong SAR
- BBBH827623 Sep 08, 2022 Competitive
Our client is a reputable commercial bank. They are looking for a (Senior) IT Security Governance Specialist to join their team.
- Provide support to strengthen the 1st line of defence to improve oversight of technology and cybersecurity risk
- Set up security standards and guidelines for emerging technologies and solutions
- Design and arrange the corresponding actions to align with HKMA's Cybersecurity Fortification Initiative (CFI) 2.0, including C-RAF, iCAST, etc.
- Assist with KRI definition and reporting, indicator review, and committee meeting materials
- Ensure oversight of technology risk across domains of IT infrastructure and security by running risk assessments
- Perform 3rd party and network connection risk assessments based on regulatory requirements
- Assess technology deviations and liaise with IT teams on the remediation process
- Liaise with external assessors on independent assessments for critical IT projects
- Manage remediation actions for HKMA C-RAF and other regulatory reviews
- Coordinate and respond to inspections and examinations by the regulators, internal audit and external audits; handle information requests and follow up on IT-related recommendations
- Monitor security assurance and testing to ensure key controls remain compliant with regulatory requirements and bank standards
- 3+ years of experience in Technology Risk, IT Audit or Information Security Management
- Familiar with risk management practices in IT Infrastructure, IT Application and Service Management
- Holding an IT security-related professional qualification (e.g. CISSP, CISA, CISM, CRISC, CEH) or equivalent certificate is an advantage
- Good understanding of regulatory requirements, such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, CBRC, FFIEC, etc. Knowledge of overseas banking regulatory requirements, particularly in Singapore, China, Macau and the US, is a plus
- Knowledge of the following is preferable:
  - industry compliance requirements (e.g. PCI-DSS and SWIFT CSP)
  - cyber security frameworks and standards, as well as industry security standards (application and network security best practices)
  - cybersecurity technologies (e.g. IDS/IPS, WAF, SIEM, anti-DDoS, EDR, MDM, multi-factor authentication)
- Excellent in issue reporting/presentation and stakeholder management
- Experience in C-RAF, iCAST and SWIFT assessment is a plus
- Good command of spoken and written English
If the above description fits your experience and is something you would like to explore, please click 'Apply Now' to submit your resume to us.
If you have any questions, please feel free to contact Elsa Ng at 3907 3971.
Delivery Consultant | Technology | Contracting Recruitment
+852 3907 3971