
Executive Director, CIO & Country CISO


Job Summary

  • Shanghai
  • Permanent
  • BBBH843376
  • Feb 29, 2024
  • ¥126k+ pm
Job Description

Foreign Banking is looking for a CIO & Country CISO dual-role

【Newly-released in February, 2024】

Please contact Morgan McKinley - Fintech - Agnes Yang

WeChat ID: aviyayang

BU: Global Business Service Unit (GBSU)

Department: IT Risk And Production Management (RPM) department,

Team: Data & Cybersecurity (DCS) team (HK team)

Local Report to: China COO

Regional Security Report to: Regional CISO

Seniority: Executive Director

Responsibilities

The country CISO (Chief Information Security Officer) in China is responsible for coordinating locally on the application of group cyber security policies and standards in line with local regulation. The CISO is responsible for implementing, enhancing and overseeing the information security framework locally with strong synchronisation with regional Cybersecurity experts and functional reporting to regional CISO.

Main Responsibilities

  • Lead internal response on Cybersecurity towards regulatory requests, RISQ / audit / inspection or regular submissions ensuring timely and accurate reporting and communication
  • Monitor and ensure compliance (coordinate gap analysis and follow-up remediation plans) against local regulations, global policies, and standards related to Cybersecurity
  • Responsible for the local implementation of the regional Cybersecurity remediation program aiming to reinforce prevention, protection, detection and response capabilities
  • Lead response to local Cybersecurity incidents in coordination with the regional incident response team
  • Support local Business Units and Service Units in their transformation providing adequate guidance on Cybersecurity subjects in liaison with regional Cybersecurity experts
  • Work with all the local Business Units and Service Units to determine possible cyber risks and relevant mitigations
  • Evaluate and manage local security exceptions in alignment with global standards
  • Be a subject matter expert on subjects such as Cybersecurity regulations, Identity and Access Management, Application Security, Third Party Security, Cloud security, Data protection and Incident management
  • Deliver relevant awareness and training adapted to the current threat landscape
  • Maintain and continuously improve the cyber defense capabilities through operational monitoring of anomalies, incident management,
  • Definition and implementation of the local Cybersecurity governance in alignment with local regulation, global and regional standards and practices
  • Ensure alignment with regional CISO on Cybersecurity strategy, objectives and initiatives including interactions with regulators.

Academic Background and Certifications, Experience

  • Bachelor Degree in Information Technology or equivalent
  • Professional qualification in information security management such as CISSP, CISM, CISA
  • Experienced Security Expert with 10+ years of relevant experience

Operational Skills

  • Solid understanding of information security concepts, frameworks, standards and best practices
  • Strong knowledge of cyber threat landscape, attack methods, vulnerabilities, common exploits and mitigation techniques
  • Strong understanding of IT infrastructure and IT applicative framework architectures
  • Strong knowledge of local and global regulation and requirements
  • Proven ability to interact with regulators and other external parties on information security matters
  • Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level
  • Client oriented mindset, results driven, proactive and quick to react to requests
  • Innovative and bringing new ideas to improve processes.

Behavioral Skills

  • Client - Risk: I strive to satisfy clients/internal partners while taking into account risks for the company
  • Commitment - Inspiration: I communicate a clear vision and strategy
  • Responsibility - Courage: I express my convictions and make decisions with courage
  • Responsibility - Risk awareness: I am constantly on the lookout for risks
  • Commitment - Exemplarity: I embody the Group's values
  • Innovation - Simplification: I make things & ideas simple
