SENIOR IT SECURITY MANAGER (CYBER RISK & ASSURANCE)
Responsibilities:
Support and drive security management’s directives in order of priority
Enhance current practices to mitigate cyber risks and establish a risk framework
Align risk appetite and fine-tune processes necessary within the business
Support and conduct security compliance and governance exercises and the awareness refresh programme
Follow and execute risk management practices with Risk Registers, Issue Management, Risk & Controls Library, Impact Thresholds, Risk Reporting, Controls Testing, and Security Governance
Assess risks in IT and business projects and activities based on policy, standards, technology compliance requirements and best practices
Ensure security measures are properly adopted for risk mitigation
Ensure risk exceptions and acceptances are well governed, validated in a timely manner and properly escalated
Prepare reporting to senior management on the current security posture
Contribute to third-party risk management, and engage well with and manage audit activities
Participate and contribute positively to create a diverse and inclusive culture with trust and respect. Play an active role to support cross team/division/department efforts and model collaborative behaviours
Requirements:
University degree or above in IT, Management Information System, cybersecurity and/or risk compliance
At least 8-10 years of experience in IT technical roles and audit, with 3 years of hands-on experience in technology risk assessment and security compliance
CISA, CISSP, CRISC or equivalent is preferable
Knowledge of ISMS, ISO27000, ISO31000 and other major information security frameworks/practices, e.g. NIST, COBIT
Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Tech Risk (including infrastructure, cloud and applications security)
IT background with operations, enterprise networking, operating systems and database security risk controls
Sound skills across DevSecOps, cloud security, PII, GDPR, and cyber security laws in China
Strong problem-solving, risk management and analytical skills
Strong interpersonal, management, negotiation and presentation skills
Experience in adopting risk-based assessment methodologies and engaging audit counterparts
Experience in performing risk assessment and evaluation
Experience in reporting, tailored to IT and business stakeholders, on the most significant risks to the business
Competent consulting background in IT, Cyber Security and/or IT Audit and Control Compliance
Competent in interacting with seasoned colleagues on the Technology and Cybersecurity Risk, Audit and Compliance agenda
Experience in building and promoting risk awareness amongst IT and business staff by providing support and training within the company
Effectively manage multiple priorities, work independently and in a team-oriented and collaborative environment
An aptitude for technical writing, e.g. assessment reports, presentations, management dashboards and risk indicators/metrics
Fluent in both written and spoken English; fluent spoken Cantonese
If you would like to apply for this position, please click "Apply" or send your CV to evan.chin@greyanderson.com. For more details, please contact Evan Chin on +852 2177 7577, or WhatsApp +852 9166 4855.