Regional Information Security Officer

Job Description

Responsibilities Responsible for developing, implementing, and maintaining an effective information security framework to ensure that the Bank meets the relevant security requirements including security policies and regulations. Assist to drive the Bank’s security transformation agenda including implementation of security strategy and technology solutions for the region. Establish a security governance framework aligned with industry best practices including developing and maintaining security policies and standards. Identify and prioritize security risks and establish risk mitigation strategies and controls. Ensure that the Bank is in compliance with the relevant regulations (e.g., HKMA SPMs and MAS TRMG) and industry standards (e.g., ISO 27001 and NIST). Monitor changes in regulatory landscape and update security policies and standards accordingly. Lead the responses to cybersecurity incidents. Design and deliver security awareness and training programs to ensure that employees understand security best practices, policies, and standards. Qualifications Minimum of 10 years’ experience in information security related work including proven record as an Information Security Officer, preferable with extensive experience in the financial services sector Professional certifications such as CISSP, CISM, CISA, CRISC, and CGEIT Extensive experience in security governance, risk management, and compliance. Proven track record in developing and implementing security governance programs is an advantage. Solid understanding of regulatory requirements (e.g., HKMA SPMs and MAS TRMG) and industry standards (e.g., ISO 27001 and NIST Cybersecurity Framework). Excellent communication, interpersonal and stakeholder management skills with an analytical mindset. Previous experience in cloud security is an advantage.