Job Description

One of the global banks is expanding its presence in APAC.
As a part of expansion, client is looking to hire Regional Information Security Officer, who will play a key role in expansion.

Responsibilities

• The Regional Information Security Officer, Asia & Oceania is responsible for developing, implementing, and maintaining an effective information security framework to ensure that the Bank meets the relevant security requirements including security policies and regulations. Reporting to the Regional Head, Chief Information Security Officer, Asia & Oceania, this is a vital role for the Bank to protect the organization.
• Assist the Regional Head, Chief Information Security Officer, Asia & Oceania to drive the Bank\'s security transformation agenda including implementation of security strategy and technology solutions for the region.
• Establish a security governance framework aligned with industry best practices including developing and maintaining security policies and standards.
• Identify and prioritize security risks and establish risk mitigation strategies and controls.
• Ensure that the Bank is in compliance with the relevant regulations (e.g., HKMA SPMs and MAS TRMG) and industry standards (e.g., ISO 27001 and NIST).
• Monitor changes in regulatory landscape and update security policies and standards accordingly.
• Lead the responses to cybersecurity incidents.
• Work closely with project teams to ensure that the Bank complies with security best practices including security policies, standards, and regulatory requirements.
• Coordinate penetration testing to comply with local regulatory requirements and escalate material security risks to the relevant forums to obtain right attention as appropriate.
• Act as the single point of contact in responding to enquiries from senior management and regulatory including internal and external audit exams.
• Design and deliver security awareness and training programs to ensure that employees understand security best practices, policies, and standards.
• Regularly assess security posture of vendors and third parties.
• Responsible for evaluating and reporting of regular security risk assessment activities covering compliance status and incident metrics

Skills

Must have

• Minimum of 10 years\' experience in information security related work including proven record as an Information Security Officer
• Professional certification ssuch as CISSP, CISM, CISA, CRISC, and CGEIT
• Extensive experience in security governance, risk management, and compliance.
• Proven track record in developing and implementing security governance programs is an advantage.
• Solid understanding of regulatory requirements (e.g., HKMA SPMs and MAS TRMG) and industry standards (e.g., ISO 27001 and NIST Cybersecurity Framework).
• Excellent communication and interpersonal skills including presentations and writing risk papers, with the ability to

collaborate effectively with stakeholders at all levels.

• Analytical mindset and problem-solving abilities to address complex information security challenges.
• Ability to work in a fast moving high pressure environment and balancing multiple work streams.
• Experience in financial services or regulated environments

Nice to have

Previous experience in cloud security is an advantage

Languages

English: C2 Proficient

Seniority

Senior

Relocation package

If needed, we can help you with relocation process. .

Vacancy Specialization

Information Security

Ref Number

VR-98591

Luxoft