Vice President, IT & Cyber Risk Control, Risk Management, Asia Pacific
Hong Kong Branch
Santander
Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal and Fair. This position is vital to performing all the functions needed to comply with the Group IT Cybersecurity Risk Framework and regulatory requirements in Hong Kong (HKMA), China (CBIRC) and Singapore (MAS).
Key Responsibilities
Use risk management principles to ensure the confidentiality, integrity and availability of information assets and information systems are safeguarded in accordance with the bank's operating model and risk appetite.
Conduct independent evaluations of technology and cybersecurity capabilities, and provide expertise and advice on the implementation of the local cybersecurity plan (for example: IT asset management, obsolescence plan, access management controls, physical and data security, vulnerability and patch management, network security management, third-party assessments).
Review current policies and procedures to identify process gaps and opportunities for improvement.
Implement and execute the Cybersecurity risk oversight program.
Coordinate independent cyber risk assessments from Group and/or regulators, providing oversight and challenge across the risks identified and ensuring that action plans are identified and monitored (CRAF, etc.).
Lead and monitor key IT & cyber risk indicators and action plans.
Review that IT and cyber incidents are managed properly (Internal and External).
Monitor IT projects ensuring that risk and control or mitigation plans are correctly identified.
Through walkthroughs and testing, identify possible internal control breakdowns and gaps and report them to management.
Oversee the BCP (Business Continuity Plan) policies and procedures.
Lead IT & cybersecurity risk scenarios analysis.
Monitor, review and update IT & Cyber risk profile and controls on a regular basis.
Basic Requirements
At least 7 years of proven experience in IT security and controls functions.
Bachelor’s degree in Computer Science, Engineering, Physics, Math or a related field. A postgraduate degree is a plus.
IT security certifications: CISA, CISM, CRISC, CCNA/CCNP, CISSP, CEH, ITIL/COBIT.
Knowledge of frameworks and standards related to IT security, ISMS and risk management (FFIEC, FAIR, ISO27001, ISO31000, NIST CSF, 800-53, 800-30, Cobit5, OWASP, CMMI, ITIL, TOGAF, COSO, Mitre ATT&CK, China Cybersecurity Law); knowledge of C-RAF, TM E-1, TMG-1 and TMG-2 is a definite advantage.
High level of English and Mandarin.
Strong organizational, project management, and multi-tasking skills with demonstrated ability to manage expectations and deliver results.
Ability to understand complex technical systems and the business processes they support and synthesize the corresponding risks and controls and recommend adjustments if required.