• Manager, Information & Cyber Security, CTM Jobs in Hong Kong - 25158357

  • Standard Chartered Bank Ltd
  • Hong Kong
  • 0 - 3 Years
  • Posted : above 1 month

Job Description:

We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities

The post is the 1st line of the Information & Cyber Security (ICS) management function within Technology and Innovation (T&I), and the responsibilities include:

a) ICS Risk Assessment and Mitigation

To work with key stakeholders to build and roll out an improvement programme to ensure all identified ICS risks are remediated

To take ownership of ICS risk mitigation/remediation initiatives delivery via internal governance and controls

To elicit requirements and drive process change using risk assessment, staff interviews, document analysis, process mapping, requirements workshops, surveys, site visits, process descriptions, business analysis, and workflow analysis

To work with other team members and technology services departments to devise new support material based on the revised processes, to include training, reporting and systems enhancements

Support strategic alignment with 2nd line of defence (CISO) and Security Technology Services (STS)

Drive, manage, and/or execute ICS risk mitigation/remediation initiatives, including regulatory supervisory requirements such as TM-E-1, TM-G-1, C-RAF, and iCAST. Prepare updates and risk acceptance documentation for relevant governance forums.

Provide consultancy to business on technology initiatives in terms of ICS risk. Ensure the technology initiatives meet SCB policy and standards and comply with regulatory requirements.

b) Regulatory Reporting

Conduct regular review of the Regulatory Reporting requirements and ensure timely preparation and submission of the reports to regulators related to ICS perspective

Communicate with business units in relation to new or revised regulatory or internal guidelines and to ensure staff awareness on ICS control and compliance areas

Facilitate ICS regulatory review with Group and In-Country stakeholders and regulators

Manage follow-ups with Group and In-Country stakeholders to ensure ICS queries are resolved and actions taken. Stakeholders include Group Technology Heads and senior management in Compliance, Chief Information Security Officer, Security Technology Services, Operational Risk and ICS Heads in country.

c) Continuous improvement to enhance ICS controls and operational effectiveness

Proactively assess and review the Bank's IT infrastructure and applications to ensure that confidentiality, availability, and integrity issues are addressed properly

Identify thematic issues by gathering and evaluating ICS data from multiple sources including testing, risk indicators, incidents, losses, audit findings, etc.

d) ICS Solution Evaluation from Technology Risk Perspective

Build key relationships with the various departments and technology teams. Work in partnership in identifying and developing solutions to address key technology risk areas for ICS.

Provide consultancy to business units in terms of the ICS risk control, control monitoring and compliance assurance procedures

e) Outsourcing & Vendor Management

Engage outsourcing vendors related to the assessment, assurance and mitigation of ICS risk, such as iCAST

Set up ICS-related KPIs and SLAs and ensure the good quality of the deliverables by outsourcing vendors

The Role Requirements

Technical literacy and knowledge

University degree holder, preferably with information security, computer science, or computer engineering qualifications. Master or other advanced professional degree preferred.

Solid working experience within the IT risk and control / Information security / cyber security / risk management / audit space, either within financial institutions or a Big 4 firm

Advanced level of understanding of fundamental information security controls, principles and technology

Advanced level of understanding of diverse technology including infrastructure, network, and application

Good understanding of control design across the IT Security landscape

Advanced level of designing and execution of remediation plans to address audit and/or regulatory issues, and track record of following through to ensure closure

Experience in identifying and assessing complex IT risks and controls, to relate them to the wider business environment and to express opinions clearly to all levels

Experience in taking ideas from inception to delivery and able to create robust metrics to confirm success

Good knowledge of different operating systems, databases, networking, security concepts and technologies from an IT risk and controls perspective

Understanding of infrastructure and software knowledge, networks, firewalls, load balancers, software defined networking, malware, botnets, hacking and vulnerability techniques, software development processes and agile practices

Professional Certification preferred: CISA, CRISC, CISSP, OSCP, CREST

Communication and influencing skills

Ability to analyse complex situations, influence strategies with practical, effective solutions

Experience of managing business and IT stakeholders from across the business and all levels of seniority

Experience working across multiple teams and functions to ensure alignment, and strong leadership and stakeholder management as well as influencing skills

Be able to face off stakeholders to win their confidence and help influence their decisions

Be able to work flexibly in terms of working hours to accommodate tight timelines and manage well under pressure

Independent / capable of working effectively and efficiently with minimal supervision

Excellent verbal and written communication skills and the ability to interact professionally with a diverse group of senior managers and subject matter experts

Ability to drill down to root cause and write and review clearly articulated risk documentation

Strong analytical and project management skills, including a thorough understanding of how to interpret business needs and translate them into operational requirements

Apply now to join the Bank for those with big career ambitions.

Profile Summary:

Employment Type : Full Time
Eligibility : Any Graduate
Industry : Banking
Functional Area : IT Software : Software Products & Services
Role : System Security
Salary : As per Industry Standards
Deadline : 19th May 2020
