Which jobs are recruiters in Asia suddenly interested in as banks open up their hiring budgets in the wake of Chinese New Year? The answer isn’t compliance, it’s cyber security – a role where pay rises of up to 30% are now on offer.
In Hong Kong, the Cyber Security Risk Circular, an edict issued by the Hong Kong Monetary Authority in September last year, is now fuelling an unprecedented demand for cyber security staff at banks.
“The regulator expects banks to make tangible progress in strengthening cyber security controls in early 2016,” says Janice Sham, an IT risk consultant at recruiters Morgan McKinley in Hong Kong. “So banks are urgently initiating hiring requests to fulfil new regulatory demands and to minimise the risks of cyber attacks.”
It’s a similar story in Singapore, where last year the government set up a Cyber Security Agency to help banks and other companies tackle the cyber-attack threat. “With the government stepping in, there’s been a recent spike in the demand for cyber security professionals,” says Sam Randall, manager of financial services technology at recruiters Robert Walters.
He adds: “I foresee continued hiring in cyber security as banks harden their systems to cyber crime and ensuring ongoing compliance in response to changing regulations. Singapore is the Asia technology headquarters for many firms, so security is becoming a key recruitment focus.”
The jobs on offer are mainly in the following functions: penetration testing, malware testing, incident response, threat intelligence, security monitoring, security risk, and security compliance.
J.P. Morgan, HSBC and Standard Chartered are among the most active recruiters of cyber security staff in Asia, although “all banks want them”, according to a recruiter who asked not to be named.
Unsurprisingly, banks want to poach candidates already working in cyber security in the finance sector. “Someone with key knowledge of application risk or infrastructure risk who has worked on enterprise-level applications would be the ideal profile,” says Vince Natteri, a director at search firm Pinpoint Asia in Hong Kong.
Running short of talent
Unfortunately for banks, these people are thin on the ground in Asia. “The talent shortage is very bad because of the new surge in demand coupled with the small supply of well-trained cyber professionals,” says Mark O'Reilly, Asia managing director of recruitment agency Astbury Marsden. “It can take up to four years to train a cyber professional.”
“In comparison to the US and Europe, cyber security in Singapore is still in its infancy,” adds Randall from Robert Walters. “Banks have not focused heavily on cyber security graduate training programmes in recent years, resulting in a shortage of local talent.”
Banks in Asia will typically consider applications from overseas-based candidates. “More are now hiring foreign talent, which will help to upskill the Singaporean talent pool and aid succession planning. It’s one of the only areas of IT where they are still happy to relocate – usually for mid to senior-level people who would be building teams,” says Randall.
And banks are also hiring cyber security people from other sectors, including consultancy firms, security vendors and telecommunication companies. “They mainly target enterprise-level corporations where cyber security is viewed as very important. Some of my candidates also have a military background,” says Natteri from Pinpoint.
The growing talent shortage in cyber security this year is inevitably pushing up pay. Average salary increases for candidates changing employers range between 20% and 30%, says O'Reilly.
Image credit: sinemaslow, iStock, Thinkstock