
Information Security Officer

Job Summary

  • Shanghai
  • Permanent
  • BBBH843380
  • Feb 29, 2024
  • ¥61k - ¥80k pm
Job Description

Global Asset Management Tech

【Newly released in February 2024】

Please contact Morgan McKinley - Fintech - Agnes Yang

WC: aviyayang

Team: IT Department

Report to: Head of IT

1. DESCRIPTION

Reporting locally to the Head of IT and globally to the Chief Information Security Officer (CISO), the role develops and maintains enterprise IT security, oversees vendor management activities, and influences user behavior. The Information Security Manager manages risks relating to information security, privacy, and technology compliance.

2. RESPONSIBILITIES

The key areas of responsibility include:

* Perform Risk Analysis and support projects from a security point of view. Assist Project Managers using an internal Risk Analysis methodology, and provide technical architecture advice to ensure that all new technology-related projects are reviewed for adequate security prior to implementation.

* Deploy the Permanent Control plan (perform the level 1 and 2 controls for which you are responsible, ensure the consolidation and consistency of the results, and report them to the CISO). Through control activities, the Security Manager ensures the quality of implementation of the IS security framework and the preservation of the highest security level.

* Manage penetration tests (scoping, deployment of prerequisites, feedback meetings, defining action plans and follow-ups with the IT manager)

* Promote Information Systems Security among managers and employees (especially in IT functions). Coordinate and initiate local awareness-raising actions, using media provided by the Head Office, adapted where necessary to local specificities.

* Provide local IT Security reporting and contribute to global reporting

* Work with Internal Audit to ensure that all policies and procedures are effectively implemented.

* Answer RFP & Due diligence requests related to Cyber Security

* Conduct security reviews and assessments of outsourced vendors (Third Party Management)

* Ensure that global programs and policies comply with local governmental and industry regulatory standards.

* Report to the global CISO any new uses or new needs of employees, Business Lines and Support Functions that he/she detects, when they may have an impact in terms of security or when he/she finds that such uses or needs are not covered by the ISS Policy.

3. REQUIREMENTS

Education and Experience

· Minimum 3 years of experience in Information Security

· Fluency in English is required.

· Demonstrated experience in GRC (Governance, Risk and Control), in one or more of the following domains: Risk analysis, Permanent control, Penetration test management

· Ability to support IT teams on Information Security subjects

· General IT technical skills (knowledge of networking protocols, Windows and Unix Operating Systems, …)

Skills/Knowledge

· Adaptable in a global and complex environment, with good influencing skills

· Delivery focused

· Demonstrated ability as an enabler and business builder

· Must be able to prioritize and manage own time effectively

· Reliable with strong analytical skills

· Good communication skills
