Global Information & Technology Risk Management (GITRM) is a group that combines Information Security, Information Management and IT Risk into a comprehensive department focused on managing information risks for the bank. This role will be part of the GITRM International organization and will be responsible for Information Security & Technology Risk Management oversight & execution for all lines of business in Greater China and also engage in rollout of initiatives for GITRM.
- Given the ever increasing focus of regulators on Cyber Security this role requires interaction with regulators in the region. This role requires updating local and regional management on information security matters to ensure they are informed on Cyber Risk.
- Serves as the primary Interface to the Information Security (IS) organization supporting Lines of businesses, operations and technology. Serves as the IS Officer for the business partners to share emerging risks and focus areas with business and technology management teams.
- Implement and monitor corporate IS policies/programs within lines of business, to ensure timely program delivery and manage risk within tolerance
- Partner with the Technology teams to ensure implementation and sustainability of controls
- Partner with the Supplier risk management team to ensure remediation of risks
- Develop strong understanding of underlying technical requirements of the technical IS standards, identification of security gaps and provide consultation to the businesses for remediation options
- Maintain and enhance status as a subject matter expert for all IS matters
- Partner with the IS Operations team to provide support on investigations and incident response
- Provide oversight to ensure that processes and projects are completed in a timely manner
- Monitor risk exceptions, and resolutions, in response to security events, assessment and audit results
- Maintain and socialize the status of IS program and initiatives within lines of businesses
- Respond to security events by initiating and coordinating actions needed to protect the business and its clients
- Provides expert advice to the business on current IS and Cyber threats affecting the business and clients
- Engage with regulators and auditors on Information Security and TRM matters.
~Knowledge & Skills
- 7+ years of experience in information security or related discipline. Financial industry experience preferred
- Degree in Engineering - computer science/electrical/electronic/Information Systems or equivalent.
- Information Security Certifications preferred, CISSP, CISM, CISA
- Ability to prioritize, execute tasks and handle multiple projects concurrently.
- Ability to communicate and present effectively through a range of mediums, to various audiences, in a way that demonstrates subject-matter knowledge. Strong influencing and negotiation skills-- with the demonstrated ability to engage and persuade stakeholders to take action and make decisions that aim to further business objectives.
- Strong service management and service delivery orientation
- Strong conceptual skills; ability to deal with ambiguity; creativity; lateral thinker
- Strong English spoken and written skills