Cyber Security Manager - Hang Seng Insurance - Hang Seng Bank (HK)

Hang Seng Bank

Some careers have more impact than others.
 
If you’re looking for a career where you can make a real impression, join Hang Seng and discover how valued you’ll be. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, Hang Seng offers opportunities, support and rewards that will take you further.

Principal Responsibilities

  • Support the Chief Control Office (CCO) as a Cyber Security Manager within the First Line of Defence (1LoD), helping the business identify, own, and manage cyber and technology risks.
  • Maintain and report the 1LoD cyber risk and control position, including key risks, control health, KRIs/KPIs, issues ageing, and remediation progress for CCO and relevant governance forums.
  • Coordinate and drive cyber governance activities, including control attestations, evidence collection, issue management, and preparation of risk acceptance documentation where required.
  • Support the definition, maintenance, and continuous improvement of key cyber/IT controls, ensuring controls are practical, measurable, and supported by clear procedures and evidence standards.
  • Perform and/or coordinate 1LoD control monitoring across domains such as identity and access management (IAM), vulnerability management, secure configuration, logging and monitoring, endpoint security, incident readiness, data protection, and third-party security controls.
  • Track and support closure of audit, assurance, and control findings, including root-cause analysis support, action plan tracking, dependency follow-up, and validation of closure evidence.
  • Embed cyber risk considerations into business and technology change by partnering with Technology and Information Security teams to ensure risks, decisions, and exceptions are documented and aligned to risk appetite.
  • Assist with regulatory and internal policy alignment activities, including maintaining evidence packs for reviews and supporting responses to audit/regulatory queries.
  • Build effective working relationships across Technology, Information Security, Operational Risk (2LoD), Compliance, and Internal Audit (3LoD) to progress actions and improve control effectiveness.

Requirements

  • Relevant experience in cyber security risk, IT risk management, technology controls, security governance, or control/assurance roles; experience in financial services/insurance is preferred.
  • Understanding of the Three Lines of Defence model and practical experience supporting 1LoD accountability and control discipline.
  • Working knowledge of core cyber/IT control areas, including access management, change management, vulnerability management, security monitoring/logging, incident management, data protection, and third-party risk.
  • Strong documentation and communication skills, able to produce clear control narratives, testing evidence, issue papers, and concise management updates.
  • Strong stakeholder management and delivery skills, with the ability to coordinate across multiple teams and follow through to closure.
  • CISA (Certified Information Systems Auditor) preferred.
  • Preferred exposure to Hong Kong Insurance Authority Guideline GL20/HKMA CRAF (e.g., control mapping, evidence preparation, uplift tracking, and/or audit/regulatory engagement aligned to GL20 expectations).
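
More Job Information

Salary: Negotiable
Job category
  • Banking · Financial Services - FinTech
  • Banking · Financial Services - General · Others
Work location
  • Mong Kok
Employment type
  • Full-time
  • Permanent
Education level
  • Bachelor's degree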
