Job Summary
- Shanghai
- Permanent
- BBBH843376
- Feb 29, 2024
- ¥126k+ pm
Job Description
Foreign Banking is looking for a CIO & Country CISO dual-role
【Newly-released in February, 2024】
Please contact Morgan McKinley - Fintech - Agnes Yang
Wechat ID: aviyayang
BU: Global Business Service Unit (GBSU)
Department: IT Risk And Production Management (RPM) department
Team: Data & Cybersecurity (DCS) team (HK team)
Local Report to: China COO
Regional Security Report to: Regional CISO
Seniority: Executive Director
Responsibilities
The country CISO (Chief Information Security Officer) in China is responsible for coordinating the local application of group cyber security policies and standards in line with local regulation. The CISO is responsible for implementing, enhancing and overseeing the information security framework locally, with strong synchronisation with regional Cybersecurity experts and functional reporting to the regional CISO.
Main Responsibilities
Lead internal response on Cybersecurity towards regulatory requests, RISQ / audit / inspection or regular submissions, ensuring timely and accurate reporting and communication
Monitor and ensure compliance (coordinate gap analysis and follow-up remediation plans) against local regulations, global policies, and standards related to Cybersecurity
Responsible for the local implementation of the regional Cybersecurity remediation program aiming to reinforce prevention, protection, detection and response capabilities
Lead response to local Cybersecurity incidents in coordination with the regional incident response team
Support local Business Units and Service Units in their transformation, providing adequate guidance on Cybersecurity subjects in liaison with regional Cybersecurity experts
Work with all the local Business Units and Service Units to determine possible cyber risks and relevant mitigations
Evaluate and manage local security exceptions in alignment with global standards
Be a subject matter expert on subjects such as Cybersecurity regulations, Identity and Access Management, Application Security, Third Party Security, Cloud security, Data protection and Incident management
Deliver relevant awareness and training adapted to the current threat landscape
Maintain and continuously improve the cyber defense capabilities through operational monitoring of anomalies, incident management,
Definition and implementation of the local Cybersecurity governance in alignment with local regulation, global and regional standards and practices
Ensure alignment with regional CISO on Cybersecurity strategy, objectives and initiatives including interactions with regulators.
Academic Background and Certifications, Experience
Bachelor's degree in Information Technology or equivalent
Professional qualification in information security management such as CISSP, CISM, CISA
Experienced Security Expert with 10+ years of relevant experience
Operational Skills
Solid understanding of information security concepts, frameworks, standards and best practices
Strong knowledge of cyber threat landscape, attack methods, vulnerabilities, common exploits and mitigation techniques
Strong understanding of IT infrastructure and IT applicative framework architectures
Strong knowledge of local and global regulation and requirements
Proven ability to interact with regulators and other external parties on information security matters
Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level
Client oriented mindset, results driven, proactive and quick to react to requests
Innovative, bringing new ideas to improve processes
Behavioral Skills
Client - Risk: I strive to satisfy clients/internal partners while taking into account risks for the company
Commitment - Inspiration: I communicate a clear vision and strategy
Responsibility - Courage: I express my convictions and make decisions with courage
Responsibility - Risk awareness: I am constantly on the lookout for risks
Commitment - Exemplarity: I embody the Group's values
Innovation - Simplification: I make things & ideas simple