Our client is a leading digital assets company headquartered in Hong Kong. They are currently looking for an in-house Information Security Professional with a considerable experience on supporting functions including IT Audit & Assurance, IT Risk & Compliance and Security Control.
Build an effective IT Assurance Framework according to the industry best practices and standards, technologies, relevant regulatory and requirements.
Support and lead the enhancement, review and development of IT security policy, processes and procedures
Enhance and automate the existing IT Control Framework
Lead periodic IT control / IT assurance campaign to ensure the performance of control execution of technology teams and technology related processes
Assist on external assessment requests, regulatory inspections, certification campaigns and external audit engagements.
Perform ad-hoc tasks as requested by the team.
Bachelor’s Degree (in any Discipline) with strong passion in IT Audit and Information Security
Strong communication skills to collaborate with various stakeholders in English.
1 to 3 years of work experience at least one of the below areas:
IT Audit and Assurance
IT Risk and Control
Policy Writing and Process Improvement
Enterprise Risk Management
Experience in at least two of the below framework, certification and regulatory requirements is preferred:
MAS Technology Risk Management Guideline and Cyber Hygiene Notice
ISO 27001 / 27002 / 27701
NIST Cybersecurity Framework
SOC 2 / AICPA Trust Service Criteria
Any relevant certification including CISA, CISM, CISSP, CRISC, ISO27001 Lead Auditor would be an added advantage.