Our client is a boutique European private bank, and this regional position will mainly support Singapore and Hong Kong. We are looking for a VP-level Info Security Officer to implement and support the risk & governance framework and policies pertaining to Technology Risk and Info Security. The scope of work is broad and will include smaller areas such as data loss, BCM etc. If a high degree of work autonomy and a balanced work culture are what you desire, please reach out to me to discuss.
Technology and Information Security Risk, Asia
Reporting to: Head of Risk Controlling, Asia
The role will be the Information Security Officer (ISO) for the Singapore and Hong Kong branches, primarily responsible for 2LOD (2nd line of defense) technology risk, information security and data protection. The ideal candidate should have core experience in:
- Technology Risk
- Information Security
- Data Protection (DPO)
He or she is responsible for ensuring that a robust framework, processes and control procedures are implemented and maintained in accordance with Group and local regulatory requirements and industry best practices.
The incumbent will also support the Head of Risk and the COO in Business Continuity Management and Outsourcing.
Duties & Responsibilities
- Develop and maintain organization framework, rulesets, policies and procedures on information security and data protection.
- Maintain inventory of Availability, Integrity, and Confidentiality (AIC) classification of all systems and ensure regular review.
- Perform periodic technology risk assessment and testing.
- Implement information security controls and oversight.
- Risk monitoring and reporting
- Manage information and data life cycle
- Conduct regular security risk assessments to ensure compliance with Group policies and local regulatory requirements of Singapore and Hong Kong.
- Review the local security exception requests and provide support and guidance to the relevant colleagues.
- Support business functions in performing information and data security review/assessment.
- Coordinate business impact analysis and dependency mapping for key processes.
- Coordinate the establishment and testing of the Business Continuity Plan.
- Perform regular assessments to ensure compliance with Group policies and local regulatory requirements of Singapore and Hong Kong.
Requirement (Working experience and education background)
- Familiarity or experience with MAS TRM / HKMA TM-G-1, MAS BCM / HKMA TM-G-2, MAS Risk Mgt & Operational Resilience in Remote Environment / HKMA TM-OR-2, HKMA C-RAF and ISO27001.
- CISSP (Certified Information Systems Security Professional) or CISA (Certified Information Systems Auditor) or equivalent certification
- Familiarity or experience with Singapore PDPA / Hong Kong PDPO.
- CIPP/A (Certified Information Privacy Professional/Asia)
- Willing to undertake Professional Certification Programs if necessary
- University or adequate level with at least 8 years’ experience in Technology Risk, preferably in the banking industry.
- Willing to travel (10%)