Connecting...

W1siziisimnvbxbpbgvkx3rozw1lx2fzc2v0cy9tywluc3rhes1hc2lhl2pwzy9iyw5uzxitzgvmyxvsdc5qcgcixv0

Technical Manager (Cyber Risk and Compliance)

Technical Manager (Cyber Risk and Compliance)

Job Title: Technical Manager (Cyber Risk and Compliance)
Contract Type: Perm
Location: Hong Kong
Industry:
Reference: 1868
Contact Name: Jackie Vargas
Job Published: June 03, 2021 17:52

Job Description

Job Scope:

  • Support and drive security management’s directives in priority.
  • Enhance current practices to mitigate cyber risks and the establishment of a risk framework.
  • Align risk appetite and fine-tune processes necessary within the business.
  • Support and conduct security compliance and governance exercise and awareness refresh programme.
  • Follow and execute risk management practices with Risk Registers, Issue Management, Risk & Controls Library, Impact Thresholds, Risk Reporting, Controls Testing, and Security Governance.
  • Assess risks based on policy, standards, technology compliance requirements and best practices IT and business projects and activities.
  • Ensure security measures properly adopted for risk mitigation.
  • Risk exception and acceptance must be well governed, timely validated and properly escalated.
  • Prepare reporting to senior management on the current security posture.
  • Contribute to third-party risk management and well engage with and manage audit activities.

 

Requirement:

  • University degree or above in IT, Management Information System, cybersecurity and/or risk compliance.
  • At least 5 years of experience in IT technical roles and audit, 3 years of hand-on in technology risk assessment and security compliance aspects.
  • Knowledge of ISMS, ISO27000, ISO31000 and other major information security frameworks/Practices e.g. NIST, COBIT etc.
  • Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Tech Risk (including infrastructure, cloud and applications security).
  • IT background with operations, enterprise networking, operating systems and database security risk controls.
  • Sound skill across: DevSecOps, cloud security, PII, GDPR, and Cyber security laws in China. 
  • High problem solving, risk management and analytical skills.
  • Strong interpersonal, management, negotiation and presentation skill.
  • CISA, CISSP, CRISC or equivalent is preferable.
  • Experience in adopting risk-based assessment methodologies and engaging audit counter-parts.
  • Experience in performing risk assessment and evaluation.
  • Experience in reporting risk tailored to IT and business stakeholders about most significant risks to the business.
  • Competency consulting background in IT, Cyber Security and/or IT Audit and Control Compliance.
  • Competency interacting with seasoned colleagues on Technology and Cybersecurity Risk, Audit and compliance agenda.
  • Experience in building and promoting risk awareness amongst IT and buz staff by providing support and training within the company.
  • Effectively manage multiple priorities, work independently and in a team-oriented and collaborative environment.
  • An aptitude for technical writing e.g. assessment reports, presentations, management dashboard and risk indicators/metrics.