Lead the Information Security team and provide various Information & Cybersecurity services to the bank, including:
Implement a fit and proper Information and Cybersecurity framework for the Bank
Provide information security advice to IT and the business on new projects and initiatives
Continuously improve the Bank’s cyber defence capability, including threat monitoring, anomaly detection, and cybersecurity incident detection and response
Lead the implementation of various cybersecurity solutions to protect the bank from cyber-attacks and data leakage
Perform application and infrastructure security assessments
Develop and manage an information security improvement program for the continuous improvement of the bank’s information security controls
Deliver an information and cybersecurity awareness program for the bank
Develop information security metrics to monitor the bank’s information security posture and translate it into meaningful insights for senior management
Oversee and monitor the activities performed by the Security Operation Center
Formulate information security requirements for third-party service providers and monitor their compliance with those requirements
Manage security incidents and develop response plans for various attacks and security events
Manage the threat and vulnerability management program
Job Requirements
Extensive knowledge of information and cybersecurity principles and best practices
Familiar with the regulatory environment of the banking and finance industry, such as the HKMA Cyber Resilience Assessment Framework (C-RAF)
Strong communication and interpersonal skills and the ability to work with stakeholders at all levels
Degree holder majoring in Computer Science or a related field
Relevant certification in information security (e.g. CISSP, CISA or CISM)
At least 12 years of experience in information & cyber security, technology risk, regulatory compliance, risk & control in the banking and finance industry, with over 4 years in a team leadership role
Practical experience in conducting information security risk assessments
Experience in performing regulatory compliance assessments and reporting on information and cybersecurity