Head of Information Security

Dah Sing Financial Group - Hong Kong - Full time

Salary: Competitive

Our client, a reputable local bank, is seeking a Head of Information Security to lead the Information Security Section and ensure adequate and effective controls are in place.

Main Responsibilities:

Responsible for the following functions across all entities in the Group, and for ensuring their effectiveness:

  • Report to the Group Chief Operating Officer & Group Head of Information Technology.
  • Define security infrastructure strategy and refreshment roadmap.
  • Continuously research and introduce new security measures to the Bank that cope with the changing security risk profile.
  • To define, review and revise information security policies, standards and guidelines, including outsourcing service providers.
  • To keep abreast of information security policies, standards and guidelines and to implement them to ensure high levels of integrity, confidentiality and availability of IT resources within the Bank.
  • To keep abreast of the latest attack methodologies. Stay ahead of the curve on the latest forensic and incident response methodologies.
  • To provide support for investigation of any technology-related frauds and incidents.
  • To help protect against web threats that facilitate cybercrime, including malware, phishing, viruses, denial-of-service attacks, information warfare and hacking.
  • Reviewing, evaluating and endorsing non-compliance with information security policies.
  • Act as the focal point for internal audit, external audit and regulator inspection over information security matters.
  • Manages the security infrastructure to ensure adequate, reliable and cost-effective resources are employed.
  • Detect, identify and monitor security vulnerabilities of the entire infrastructure.
  • Encryption key management.
  • Contributes to annual strategic plans and operating budgets; monitors throughout the year to ensure adherence to strategic goals, appropriate expenditure of funds, and timely processing of expenses.
  • Review and endorse security design of IT solutions.
  • To ensure awareness of, and compliance with, the information security policies and standards.
  • Sets goals, assigns, and directs staff activities; provides guidance and training; reviews and evaluates staff work and prepares performance appraisals; confers with employees to develop career plans and address development needs; contributes to salary planning and financial planning processes.
  • Establishes staffing requirements for the section and carries out human resources responsibilities such as: defining job responsibilities; making selection, promotion and termination decisions; setting performance objectives and conducting performance appraisals; and participating in salary planning.

Incumbent Requirements:

  • At least 15 years of relevant experience in the banking IT field, with over 10 years in the technology risk and/or information security area and 5 years or above in a managerial role.
  • University graduate in Computer Science / Information Technology or equivalent.
  • One or more certificates listed below:
    • ISC2 Certified Information Security Professional (CISSP)
    • ISACA Certified Information System Auditor (CISA)
    • ISACA Certified Information Security Manager (CISM)
    • ISC2 Certified Cloud Security Professional (CCSP)
  • Sound knowledge of Public Key Infrastructure (PKI), Internet vulnerability, cybersecurity, firewalls, Intrusion Detection/Prevention Systems and application security of finance/banking systems.
  • Solid experience with regulators' requirements on technology risk management, including the Supervisory Policy Manual of HKMA, Personal Data Privacy Ordinance, PCI Data Security Standard, SFC guidelines and Customer Security Controls Framework of SWIFT.
  • Strong communication skills, both in Chinese and English.
  • Able to drive changes, with strong execution ability.
  • Mature and able to work independently under pressure.