Leading foreign-invested financial company
Information Security
Banking
Technology
Beijing
5-10 years
Bachelor
¥50 - 60K, 13MPs
Job Description
Department Description
Reporting to the Group Chief Operating Office Unit (GCOO), the Information Security and Risk (ISR) department in Asia is responsible for securing and steering Information Security and Cybersecurity related risks falling under Global Banking & Investor Solutions' (GBIS) remit.
The Information Security Officer in China is responsible for coordinating and delivering the application of group cyber security policies and standards locally, in line with local regulation. The role involves implementing, enhancing, and overseeing the information security framework locally, with strong coordination and regular reporting to the regional Chief Information Security Officer (CISO) and regional Cybersecurity experts. The Information Security Officer is also responsible for managing local regulatory interactions and maintaining ongoing compliance. This is a hands-on position that requires first-hand experience and technical knowledge in performing cyber security functions, including conducting cyber risk assessments of IT systems and third parties, and managing local cyber incidents.
Main Responsibilities:
Lead the Cybersecurity response to regulatory requests, RISQ / audit / inspection, or regular submissions, ensuring timely and accurate reporting and communication
Monitor and ensure compliance (coordinate gap analysis and follow-up remediation plans) against local regulations, global policies, and standards related to Cybersecurity
Responsible for the local implementation of the regional Cybersecurity remediation program aiming to reinforce prevention, protection, detection and response capabilities
Lead response to local Cybersecurity incidents in coordination with the regional incident response team
Support local Business Units and Service Units in their transformation, providing adequate guidance on Cybersecurity subjects in liaison with regional Cybersecurity experts
Work with all the local Business Units and Service Units to determine possible cyber risks and relevant mitigations
Evaluate and manage local security exceptions in alignment with global standards
Be a subject matter expert on subjects such as Cybersecurity regulations, Identity and Access Management, Application Security, Third Party Security, Data protection and Incident management
Deliver relevant awareness and training adapted to the current threat landscape
Maintain and continuously improve the bank's cyber defense capabilities through operational monitoring of anomalies and incident management
Define and implement the local Cybersecurity governance in alignment with local regulation, global and regional standards and practices
Ensure alignment with regional CISO on Cybersecurity strategy, objectives and initiatives including interactions with regulators
Maintain close interaction with regulators for all aspects related to Cybersecurity
Maintain current knowledge of the local cyber security regulatory evolution
Oversee closure of regulatory recommendations
Work closely with Compliance to understand impact of new/existing Cybersecurity regulations
Required Qualifications
ACADEMIC BACKGROUND AND CERTIFICATIONS, EXPERIENCE
Bachelor’s degree in information technology or equivalent
Professional qualification in information security management such as CISSP, CISM, CISA
Experienced Security Expert with 8+ years of relevant experience
At least 5 years in banking or relevant industries
Significant experience in interacting and managing compliance with Banking regulators.