Our client is one of the most profitable organisations and have a sizeable IT team in Hong Kong. They are currently looking for an experienced Cyber & Information Security Risk Manager with over 6 years' experience in technology risk assessment and security compliance aspects.
- Support and drive security management's directives in priority
- Enhance current practices to mitigate cyber risks and the establishment of a risk framework
- Align risk appetite and fine-tune processes necessary within the business
- Follow and execute risk management practices with Risk Registers, Issue Management, Risk & Controls Library, Impact Thresholds, Risk Reporting, Controls Testing, and Security Governance
- Assess risks based on policy, standards, technology compliance requirements and best practices IT and business projects and activities
- Ensure security measures properly adopted for risk mitigation
- Risk exception and acceptance must be well governed, timely validated and properly escalated
- Prepare reporting to senior management on the current security posture
- Contribute to third-party risk management and well engage with and manage audit activities
To succeed in this role, you must have IT background with operations, enterprise networking, operating systems and database security risk controls with high problem solving, risk management and analytical skills. You must strong in interpersonal, management, negotiation and presentation; able to manage multiple priorities effectively, work independently and in a team-oriented and collaborative environment.
Other requirements included:
- University degree in IT, Management Information System, cybersecurity and/ or risk compliance
- Knowledge of ISMS, ISO27000, ISO31000 and other major information security frameworks/Practices e.g. NIST, COBIT etc.
- Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Tech Risk (including infrastructure, cloud and applications security)
- Experience in adopting risk-based assessment methodologies and engaging audit counter-parts and in performing risk assessment and evaluation
- Experience in reporting risk tailored to IT and business stakeholders about most significant risks to the business
- Experience in building risk awareness amongst staff by providing support and training within the company
- Proficiency in both English and Chinese (Cantonese/ Mandarin)
Interested individuals can click apply now and send updated resume (in WORD format) to Bonnie Chan for further information.
For a more comprehensive list of current opportunities, please visit www.connectedgroup.com