My client is seeking an experienced information security professional from a financial services background. Must have risk committee experience and strong experience implementing risk frameworks.
Duties:
- Individual contributor role based in Hong Kong
- Develop, manage and execute information security (including cyber) assurance reviews
- Produce Business Unit and Group level reports on the status of implemented information security controls and Policy, including coordinating the annual Turnbull Policy attestation exercise.
- Be responsible for the submission and fulfilment of Audit RFIs that are addressed to the Group information security and privacy team.
- Coordinate audit readiness exercises when required to ascertain the control posture prior to major audits.
- Use the output and knowledge gained from assurance reviews to craft the development of Group policy, technical standards and procedures
- Build a process and tool to track exceptions to Standards and Policy.
- Periodic review, continuous improvement, and compliance management of Policy and standards.
- Coordinate the structure and management of Standards across all security disciplines.
- Third party security management and oversight (assessment process, template and performing assessment on regionally engaged 3rd parties)
- Continuous improvement and development of the tool and process used to handle audit RFI submission and fulfilment.
- Prepare presentation decks and write analysis papers for submission to various senior governance forums within the Risk and Digital departments.
Requirements:
- Experience of implementing information security (including cyber) policy and systems, including supporting procedures and technical standards.
- Experience and understanding of information security (including cyber) standards and implementation, including:
  - International security control standards (e.g. ISO, ISF, NIST)
  - Security architecture, infrastructure and technologies, e.g. network security, web services, operating systems, etc.
  - Information security (including cyber) audits and reviews
  - Technical and procedural risk analysis
  - Information security (including cyber) policy development and compliance monitoring
- Ability to handle information security (including cyber) projects related to all areas of Prudential business
- Strong analytical skills and good written and communication skills
- Pro-active, with the ability and confidence to drive forward discussions, co-ordinate activities, make judgements and take decisions
- Ability to work under stress and cope with results-oriented demands
- Ability to connect with people at all levels and build strong working relationships
- Ability to deal appropriately with information which may be highly sensitive
- Appropriate Graduate and / or Professional Qualifications, e.g. CISM, CISA, CISSP (or equivalent industry experience)
- Technically proficient enough to translate information security topics, initiatives and programs into something that is digestible for parties outside of the information security community.
- Display subject matter experience in diverse information security areas (e.g. application security, cloud security, vulnerability management, agile lifecycle management, DevSecOps, etc.)
- Strong business insight within the insurance / financial services industry and related operational fields.
- More than 10 years of experience in the information security, privacy and technology risk field, preferably in the financial services industry.