Technical Manager (Cyber Risk and Compliance)
Job Title: Technical Manager (Cyber Risk and Compliance)
Contact Name: Jackie Vargas
Job Published: June 03, 2021 17:52
- Support and drive security management’s directives in priority.
- Enhance current practices to mitigate cyber risks and establish a risk framework.
- Align risk appetite and fine-tune processes necessary within the business.
- Support and conduct security compliance and governance exercises and the awareness refresh programme.
- Follow and execute risk management practices with Risk Registers, Issue Management, Risk & Controls Library, Impact Thresholds, Risk Reporting, Controls Testing, and Security Governance.
- Assess risks for IT and business projects and activities based on policy, standards, technology compliance requirements and best practices.
- Ensure security measures are properly adopted for risk mitigation.
- Risk exceptions and acceptances must be well governed, validated in a timely manner and properly escalated.
- Prepare reporting to senior management on the current security posture.
- Contribute to third-party risk management, and engage well with and manage audit activities.
- University degree or above in IT, Management Information System, cybersecurity and/or risk compliance.
- At least 5 years of experience in IT technical roles and audit, and 3 years of hands-on experience in technology risk assessment and security compliance.
- Knowledge of ISMS, ISO27000, ISO31000 and other major information security frameworks/practices, e.g. NIST, COBIT.
- Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Tech Risk (including infrastructure, cloud and applications security).
- IT background with operations, enterprise networking, operating systems and database security risk controls.
- Sound skills across DevSecOps, cloud security, PII, GDPR, and cybersecurity laws in China.
- Strong problem-solving, risk management and analytical skills.
- Strong interpersonal, management, negotiation and presentation skills.
- CISA, CISSP, CRISC or equivalent is preferable.
- Experience in adopting risk-based assessment methodologies and engaging audit counterparts.
- Experience in performing risk assessment and evaluation.
- Experience in reporting the most significant risks to the business, tailored to IT and business stakeholders.
- Competent consulting background in IT, cybersecurity and/or IT audit and control compliance.
- Competence in interacting with seasoned colleagues on the technology and cybersecurity risk, audit and compliance agenda.
- Experience in building and promoting risk awareness amongst IT and business staff by providing support and training within the company.
- Effectively manage multiple priorities, work independently and in a team-oriented and collaborative environment.
- An aptitude for technical writing, e.g. assessment reports, presentations, management dashboards and risk indicators/metrics.