Vice President, IT Security Governance

Hong Kong

China CITIC Bank International Limited

Country of Location:

China Hong Kong

Job Responsibilities:

Governance
• Help strengthen the 1st line of defense to improve oversight of cyber/technology risk and support the rapid development and transformation initiatives of the bank.
• Help develop and maintain the Information Security Policy and associated standards and guidance in line with regulatory requirements and industry standards.
• Organize and facilitate remediation actions to align with HKMA’s C-RAF 2.0 requirements, including but not limited to conducting maturity assessments, adopting an intelligence sharing platform, and professional development.
• Help organize the bank-wide awareness education program and necessary training to promote the security culture of the Bank.
• Coordinate and respond to audit issues in relation to Cybersecurity and Infrastructure to satisfy compliance requirements.
• Assist with KRI reporting, review indicators when requested, and help provide materials for committee meetings.
• Ensure security admin activities are timely and properly handled.
Risk
• Perform risk assessments to ensure oversight of cyber/technology risk across the domains of IT infrastructure and security expertise.
• Evaluate technology deviations and liaise with ITG teams to assess controls and monitor the remediation process.
• Liaise with external 3rd parties to conduct independent assessments.
• Perform due diligence on key 3rd parties, including cyber and technology risk assessments, site visits, etc.
Compliance
• Perform gap analysis on regulatory and head/overseas branch office requirements, including HKMA, MAS and mainland China.
• Provide input for inspections and examinations by regulators and for internal and external audits; handle information requests and follow up on IT-related recommendations.
• Ad-hoc task or project assigned by management related to IT Security Governance.
Security Administration
• Assist in carrying out operational tasks over security administration functions and system projects.
• Assist in regular user access reviews to fulfill regulatory and audit requirements.

Requirements:

  • Experience in TRM, Audit or Information Security Management.

  • Knowledgeable in risk management practices in IT Infrastructure, IT Application, and IT Service Management.

  • Good understanding of regulatory requirements such as HKMA (C-RAF 2.0, TM-E-1, TM-G-1, TM-G-2, SA-2, TM-C-1), MAS TRM, CBRC, FFIEC, etc. Knowledge of overseas banking regulatory requirements, particularly in Singapore, China, Macau and the US, is an advantage.

  • Familiar with industry compliance requirements such as PCI-DSS and SWIFT CSP.

  • Good understanding of industry best practices e.g. ISO27001, COBIT etc.

  • Sound knowledge of operating systems on various platforms, such as Windows, Unix and Linux.

  • Know-how to detect, investigate and resolve cyber-attacks, and to coordinate with law enforcement bodies or cyber security protection alliances.

  • Knowledge in network security products such as Firewall, Router, Switch, DDoS, IDS/IPS, Load-balancer, SSL VPN, End-point protection, DLP and APT solution.

  • Knowledge of emerging technology and security for VDI, Mobility, Cloud, etc.

  • Knowledge of vulnerability scanning/penetration testing and SWIFT and PCI-DSS assessments.

  • Degree holder in Information Technology, Information System or related discipline.

  • Minimum 5 years’ experience in IT and/or Information Security/Technology Risk Management.

  • Holds the Core / Professional level qualification of Relevant Practitioner under the HKMA ECF on Cybersecurity.

  • CISSP, CISA, CISM or another recognized certification is highly preferable.

  • ITIL/PMP certification is an advantage.

  • Cybersecurity-related certifications from Mainland China would be an advantage.

Tags: APT Audits Banking C CISA CISM CISSP Cloud COBIT Compliance DDoS FFIEC Firewalls Governance IDS IPS ISO 27001 ITIL IT infrastructure Linux Network security Risk assessment Risk management UNIX VPN Windows

Region: Asia/Pacific
Country: Hong Kong
