Job Description

Company Profile
MIZUHO HAS A LONG-TERM COMMITMENT TO THE HONG KONG MARKET. WITH STRONG TIES TO MIZUHO\'S GLOBAL NETWORK AND A WORKFORCE OF OVER 600 STAFF IN HONG KONG, WE ARE ABLE TO HELP CORPORATIONS IN HONG KONG TO EXPAND THEIR BUSINESS WORLDWIDE. OUR CLIENTS PRIMARILY COMPRISE JAPANESE AND NON-JAPANESE CORPORATIONS (INCLUDING THOSE DOMICILED IN THE PRC), FINANCIAL INSTITUTIONS, AND GOVERNMENT AND QUASI-GOVERNMENT ORGANIZATIONS. WE PROVIDE A FULL SPECTRUM OF CORPORATE BANKING SERVICES TO OUR CUSTOMERS INCLUDING SYNDICATED LOANS, TREASURY, TRANSACTION BANKING, FINANCIAL ADVISORY, PROJECT FINANCE, MERGER AND ACQUISITION, LEVERAGED FINANCE, AND STRUCTURED FINANCE.

Job Responsibilities
The Executive Director, Risk & Control, APAC is responsible for developing, implementing, and maintaining an effective information security and risk & control framework to ensure that the Bank meets the necessary internal/ external requirements. Reporting to the Regional Chief Information Security Officer / Head of Risk & Control, APAC, this is a vital role for the Bank.

• Assist the Regional Chief Information Security Officer / Head of Risk & Control, APAC to drive the Bank\'s information security and risk & control transformation agenda including implementation of security strategy and technology solutions for the region.
• Establish and manage an information security and risk & control governance framework aligned with the internal security policy and various industry best practices.
• Prioritize any material security risks identified and develop the necessary risk mitigation strategies and controls.
• Build and maintain a cloud governance framework aligned with various industry best practices in the region.
• Supervise the risks associated with the Bank\'s cloud initiatives and usage (e.g., certificate and re-certificate).
• Ensure that the Bank is in compliance with the relevant regulations (e.g., HKMA SPMs and MAS TRMG) and industry standards (e.g., ISO 27001 and NIST).
• Demonstrate leadership in driving information security and risk & control discussions with the branches/ subsidiaries across APAC
• Oversee changes in the regulatory landscape and update the Bank\'s security policy and standards accordingly.
• Work closely with various project teams to ensure that the Bank complies with the mandatory control requirements.
• Act as the single point of contact in responding to the enquiries around information security and risk & control matters from senior management, auditors, and regulators.
• Conduct trainings to improve awareness of the Bank\'s control requirements including the known industry good practices

Regularly assess the Bank\'s security posture in relation to the third party vendors.

Job Requirements

• Minimum of 15 years\' experience in information security and/or risk & control related tasks.
• Professional certifications such as CISSP, CISM, CISA, CRISC, and CGEIT
• Solid understanding of various regulatory requirements (e.g., HKMA SPMs and MAS TRMG) and industry standards (e.g., ISO 27001 and NIST Cybersecurity Framework).
• Experience and knowledge about leading public cloud services (AWS, Azure, or Google Cloud).
• Excellent communication and interpersonal skills including presentations and writing risk papers, with the ability to collaborate effectively with stakeholders at all levels.
• Analytical mindset and problem-solving abilities.
• Ability to work in a fast moving high pressure environment and balancing multiple work streams.
• Experience in financial services or regulated environments is preferred
• Previous experience in cloud security is an advantage

eFinancialCareers