Job Details
Job Description
Responsible for supporting Regional Information Security and Risk Governance for the Asia zone to ensure the security posture of business units is properly measured, monitored and managed
Assist in the development and promotion of Information Security policies, standards, and procedures according to the industry best practices and standards (e.g. NIST800-53, NIST Cyber Security Framework, ISO27000, CIS, ISA/IEC62443, etc.), technologies, relevant regulatory and group requirements
Evaluate and manage capabilities that enable the organization to reliably achieve objectives, address uncertainty and act with integrity, as a whole more responsive and efficient in a consistent manner
Act as the main responsible party to drive and align the policy compliance across Group, business units and business lines toward the same direction.
Perform and manage regular Information Security and Control assessment to ensure that business units are compliant with the Group Information Security Policies and Standards
Manage remediation activities from Security assessments and audit findings to mitigate the risks
Identify and address cyber risks and requirements in order to protect the organization from adversity, surprise and weakness
Monitor Information Security and Risk control, and test to determine the control performance and effectiveness with continuous improvement of KPIs.
Support the Cyber Security project implementation and daily activities with respect to Information Security best practices and risk assessments
Qualification
At least 5 years of hands-on experience in IT Security, Governance and Risk Management, with 2 years in a managerial and team lead position
Extensive knowledge and understanding of Information Security framework, such as ISF, ISO27001, NIST Cyber Security Framework.
Sound knowledge of Information System, IT Operation and IT Audit
Knowledge of OT Security.
Good stakeholder engagement and management skills
Great sense of ownership and servicing mindset
Strong liaison skills, teamwork, passion and commitment mentality
Strong self-motivation, with good leadership, interpersonal and analytical skills, lead through influence, communicate effectively to stakeholders on risk management and cyber security governance
Strong problem solving and project execution skills; able to handle changing priorities and drive difficult decisions; highly dependable team player with ongoing commitment to excellence
Relevant professional certification, such as CISSP, CISA, CISM, CRISC or CGEIT is desired
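Good communication in English and Mandarin
Work location: Taikoo Place, 979 King's Road, Quarry Bay, Hong Kong
Note: Once hired, the successful candidate may apply on their own for the "Hong Kong Talent Scheme" (香港专才计划); after the application is approved, the candidate will travel to Hong Kong to take up the position.
Other Information
Language requirement: English
Industry requirement: All industries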