Cyber Security and IT Governance Cluster is the first line of defense Control Function to ensure that effective cybersecurity controls are in place in addressing the emerging cyber threats. The Cluster consists of Cyber Security Management (CSM), IT Policy and Compliance (ITPC) and Parameter and User Access Management (PUAM). Its function includes but not limited to the establishment and management of the cybersecurity organization, policies framework development, controls architecture, cybersecurity incident management, cybersecurity awareness, third party security, collaboration with external interested parties, cyber threats intelligence, cybersecurity and IT compliance monitoring, audit and compliance assessment coordination, issues remediation management, and parameter and user access management.
The role of the Head of Cyber Security Management holds the management responsibilities to the Cyber Security Management (CSM) and Parameter and User Access Management (PUAM) functions, with the following responsibilities:
-
Formulate the overall strategies and goals of Cyber Security Management, establish annual and long-term cybersecurity strategies, programme.
-
Develop and manage a framework for evaluating the maturity of the cybersecurity programme and a roadmap for continual improvement.
-
Responsible for formulating cybersecurity control requirements, including policies, procedures and standards.
-
Develop and adopt a management system to manage cybersecurity holistically and systemically in addressing the stakeholder security governance requirements and the strategic objectives, and to have appropriate management processes and systems in place that to confirm the requirements of the interested parties, such as Regulators, Head Office and Senior Management etc.
-
Provide cybersecurity advice and guidance to the Control Owner on the effective design of its control measures.
-
Monitor and evaluate the design and effectiveness of relevant control measures, including organizing the formulation of control effectiveness indicators and conducting regular evaluation and inspections.
-
Stay abreast of emerging cybersecurity threats, trends and technologies, continuously enhancing the Bank’s security postures.
-
Manage team performance and support career guidance of a high performing teams the support cybersecurity management, parameter and user access management.
-
Adopting management and security governance model to define and allocate roles and responsibilities for the protection of individual assets and for carrying out specific security processes.
-
Define the management requirements, scope, roles and responsibilities, management processes and its interfaces for the following control domains under the Cyber Security Management, and Parameter and User Access Management, oversee the delivery of the corresponding services:
-
Data Security Technical Control Management,
-
Organization of Cyber Security (Including organizational structure, roles and responsibilities),
-
Human Awareness Security,
-
Policies Framework Management,
-
Control Architecture Management,
-
Cyber Security Incident Management,
-
Threat Intelligence Management,
-
Third Party Security Management,
-
Secure System Development Management,
-
Parameter and User Access Management.
-
Provide directions, guidance and oversights to the IT Operations Center and IT Development Center on embedding cybersecurity requirements into its areas of responsibilities and functions; (i.e. Security Operations, including endpoints, network, infrastructure, operations security and Secure Development).
-
Develop, manage and analyze the key monitoring indicators (e.g. KCI) to monitor and report the effectiveness of the cyber security controls.
-
Present and report cybersecurity postures regularly to senior management and various levels of organization committees.
-
Identify and resolve management issues, optimize management processes and operational workflows, to optimize the resources utilization and achieve operational efficiency.
-
Responsible for any other responsibilities as directed by the Head of Cyber Security and IT Governance.
REQUIREMENT:
-
Degree holder in Cyber Security / Computer Science / Information Technology or related discipline;
-
Minimum 10 years or above of relevant experience in Cyber Security Management / Cyber Security Operations / Technology Risk Management or IT Audit, preferably with experience gained from consultancy / banking / finance industry;
-
Experience in consultancy preferably Big 4 or IT Auditing is an advantage
-
Holder of HKMA ECF-C recognized certifications at professional level is required;
-
Customer-oriented, good communication and interpersonal skills;
-
Able to work independently and under pressure with tight deadline;
-
Strong problem-solving, analytical skills and presentation skills;
-
Good command of written and spoken English and Mandarin;
-
Possess proven managerial experience is a must;
-
Possess forward planning, strategic thinking, problem solving and decision-making skills;
-
Strong understanding and application of the best practices of cybersecurity management system methodology;
-
Proficiency in preparing management dashboard / reporting deck and reports in Chinese is definitely an advantage
Applicants who are not contacted within 8 weeks may consider their applications unsuccessful and their personal data will be retained by the bank for a period up to two years.
All information provided by applicants will be used for recruitment purposes only and will be used strictly in accordance with the bank’s personal data policies, a copy of which will be provided upon request.