Job Description

• Drive the development and formulation of the monitoring framework and mechanism in respect of information security, covering physical data / information security and cybersecurity, and technology risk management for the operation of a third party delivery partner

• Oversee and manage the Delivery Partner’s performance and delivery of information security and technology risk related initiatives, including but not limited to the development of reporting metric (such as performance indicators and risk indicators), incidents and risk register for identifying, recording and monitoring potential risks, and ensuring proper follow-up on the risks identified through appropriate rectifications, remedial actions and / or mitigation measures

• Enforcing, monitoring and continuous enhancing supervisory framework, policies and procedures governing information security and technology risk management in support of the operation

• Lead the performing regular assessment on information security and technology risk to ensure compliance with the relevant policies, laws and regulations

• Review the regular and ad hoc reporting to the management on work progress and potential issues

Job Requirements

• Degree holder in Computer Science / Information Security or related disciplines

• 8 years or above experience in with at least 5 years' relevant experience in related fields e.g. technology risk, information security, cyber security and regulatory compliance

• Hands on experience in development and application of risk management such as KRI, risk control assessment and risk tool registration

• Strong experience in vendor management, especially for driving Delivery Partner’s performance and delivery on large and complicated projects

• Work experience in leading security hardening of infrastructure and applications projects

• Deep understanding of information security and technology risk management principles and best practices including personal data privacy laws and regulations (e.g. the PDPO) is preferred

• Relevant technology management and/or IT audit qualifications e.g. CISM, CISSP, CISA, CRISC or equivalent will be an advantage

• Strong problem solving, leadership, communication and interpersonal skills

• Able to work under pressure and meet tight schedule

• Good command of written and spoken English and Chinese

To apply for this role, please send your full resume by MS word format to [email protected]

Only shortlisted candidate will be notified.  Personal data collected by job applicants will be kept in strict confidence and used for recruitment purpose only.