Summary
- Regional Exposure
- FSI Industry

About Our Client
Our client is a well-known insurance provider.

Job Description

Security Architecture and Risk Management:
- Conduct security architecture reviews to ensure alignment with organizational policies and identify potential vulnerabilities.
- Perform security risk assessments, identify potential threats, and develop mitigation strategies.
- Maintain regular risk assessments and communicate identified risks to stakeholders.
- Oversee penetration tests conducted by 3rd party vendors and ensure alignment with security architecture.
- Provide security advisory to business and project teams, ensuring alignment with corporate security standards and controls.
- Conduct vendor security assurance reviews.
- Oversee security architecture reviews through to go-live review and approval.

Security Operations and Incident Management:
- Manage and support security incidents, ensuring timely detection, response, and resolution.
- Maintain security policies and process documents.
- Comply with group security standards and local security regulatory requirements.
- Periodically review and update security policies and operational processes for security control enhancement.
- Prepare management reports for the Chief Security Officer and management team.

Compliance and Governance:
- Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, GDPR, etc.).
- Support Secure Development/DevSecOps and collaborate with business and project teams to maintain the organization's security posture.
- Provide professional security advisory and recommendations through solutions architecture review, assessing project security, and addressing security-related enquiries from the business.

Strategic Direction:
- Provide strategic direction for upcoming Information Security staff (both senior and junior).
- Work with other security managers in the team and report to the Chief Security Officer.

The Successful Applicant
- Bachelor's degree in Information Security, Computer Science, or a related field. Relevant certifications (e.g., CISSP, CISM, CISA) are highly desirable.
- 8+ years of experience in information security, with a proven track record in risk management and security governance.
- Strong understanding of international security standards, including but not limited to: ISO 27001, NIST Cybersecurity Framework, GDPR, and other relevant frameworks.
- Experience with public cloud, privileged account management, SIEM, data leakage prevention, anti-DDoS, secure web access, vulnerability management, and operational and IT resilience.
- Experience with penetration testing, vulnerability assessments, and security architecture design.
- Excellent communication, presentation, and interpersonal skills, with the ability to communicate effectively with technical and non-technical audiences.
- Experience working in a multinational organization is preferred but not required.
- Fluency in English and Mandarin is required.

What's on Offer
- Great Career Exposure - Regional Exposure
- Good Benefit and Salary Package

Contact
Alexis Wee
Quote job ref: JN-112024-6580641
Phone number: +852 3602 2400

Job summary
Function: IT
Specialisation: Security
Industry: Insurance
Location: Hong Kong
Job Type: Permanent