
Assistant Director Information Security

  • Location:

    Hong Kong

  • Sector:

    Risk & Compliance

  • Job type:

    Permanent

  • Salary:

    Negotiable

  • Contact:

    Abbie Ng

  • Contact email:

    Abbie.Ng@ojassociates.com

  • Job ref:

    JOB-122020-132594_1609751972

  • Published:

    over 3 years ago

  • Expiry date:

    2021-02-03

My client is seeking an experienced information security professional from a financial services background. Must have risk committee experience and strong experience implementing risk frameworks.

Duties:

  • Individual contributor role based in Hong Kong
  • Develop, manage and execute information security (including cyber) assurance reviews
  • Produce Business Unit and Group level reports on the status of implemented information security controls and Policy, including coordinating the annual Turnbull Policy attestation exercise.
  • Be responsible for the submission and fulfilment of Audit RFIs that are addressed to the Group information security and privacy team.
  • Coordinate audit readiness exercises when required to ascertain the control posture prior to major audits.
  • Use the output and knowledge gained from assurance reviews to craft the development of Group policy, technical standards and procedures
  • Build a process and tool to track exceptions to Standards and Policy.
  • Periodic review, continuous improvement, and compliance management of Policy and standards.
  • Coordinate the structure and management of Standards across all security disciplines.
  • Third party security management and oversight (assessment process, template and performing assessment on regionally engaged 3rd parties)
  • Continuous improvement and development of the tool and process used to handle audit RFIs submission and fulfilment.
  • Prepare presentation decks and write analysis papers for submission to various senior governance forums within the Risk and Digital departments.

Requirements:

  • Experience of implementing information security (including cyber) policy and systems, including supporting procedures and technical standards.
  • Experience and understanding of information security (including cyber) standards and implementation, including:
      • International security control standards (e.g. ISO, ISF, NIST)
      • Security architecture, infrastructure and technologies, e.g. network security, web services, operating systems, etc.
      • Information security (including cyber) audits and reviews
      • Technical and procedural risk analysis
      • Information security (including cyber) policy development and compliance monitoring
  • Ability to handle information security (including cyber) projects related to all areas of Prudential business
  • Strong analytical skills and good written and communication skills
  • Pro-active, with the ability and confidence to drive forward discussions, co-ordinate activities, make judgements and take decisions
  • Ability to work under stress and cope with results-oriented demands
  • Ability to connect with people at all levels and build strong working relationships
  • Ability to deal appropriately with information which may be highly sensitive
  • Appropriate Graduate and / or Professional Qualifications, e.g. CISM, CISA, CISSP (or equivalent industry experience)
  • Technically proficient, able to translate information security topics, initiatives and programs into something that is digestible for parties outside of the information security community.
  • Display subject matter experience in diverse information security areas (e.g. application security, Cloud security, Vulnerability Management, agile lifecycle management, DevSecOps, etc)
  • Strong business insight within the insurance / financial services industry and related operational fields.
  • More than 10 years of experience in the information security, privacy and technology risk field, preferably in the financial services industry.
