Section Head, Cyber Threat Management - Cybersecurity & Overseas IT
The Bank of East Asia, Limited
Responsibilities
Formulate and maintain a set of cyber security standards and procedures, and ascertain their timeliness and adequacy
Ensure the adequacy and effectiveness of controls designed or implemented according to the security standards and requirements of the Bank's standard procedures and regulators
Manage cyber security services and projects to ensure their timely delivery for supporting the business needs
Lead the threat and vulnerability management section to assess, control and manage the respective cybersecurity risks
Prepare team budget and proposal for acquiring cyber security solutions and services
Provide security advisory on new initiatives and major enhancements on banking services and products to the business and IT
Oversee the security posture of overseas branches and subsidiaries to provide secure banking services and products to local customers
Develop, maintain and continuously improve security architecture artefacts, including reference architectures, principles, models, templates, standards and procedures, etc., for standard security controls and processes across the Bank Group
Facilitate security management by initiating, leading and coordinating fortification of cyber security controls
Minimize the cyber impact to our banking operations, services and customers by identifying, investigating, and mitigating cyber threats as well as responding to and preventing cyber security incidents
Regularly review and update security documentation which sets out security requirements and controls of the Bank
Perform third-party risk assessments and site visits with relevant business users to identify and mitigate potential security risks arising from third-party engagement
Analyse threat intelligence collected from multiple sources to identify, assess, mitigate and report on cyber risks that are applicable to the Bank
Conduct security testing and assessments against the Bank's standard procedures and regulatory requirements, including C-RAF and iCAST
Perform compliance management by designing security remediation and tracking its implementation status
Drive threat and vulnerability management along with the Security Operations Centre to identify, protect against, detect, respond to and recover from the respective cybersecurity risks
Develop a training program to ensure team members possess adequate knowledge and skills related to their job roles
Ensure team members' compliance with the Bank's standard procedures and regulatory requirements
Comply with all applicable regulations, rules, codes, guidelines and standards set by regulators and the Bank, and carry out duties with high integrity
Adhere to all established risk control guidelines, procedures and measures to identify, assess, report, mitigate and monitor the risks involved in the day-to-day work
Attend industry-related forums and working group meetings as required
Perform any other duties as directed by supervisor(s)
Requirements
University graduate, preferably with a major in Computer Science or equivalent with:
Over 10 years’ experience in the banking industry/financial institutions covering:
At least 5 years in technology audit or cyber security;
At least 5 years in a team lead/management role;
In-depth knowledge in the security services of the banking industry/financial institutions;
Good project management, problem solving and leadership skills;
Certification in CISSP, CISA or related professional qualifications;
Good command of both spoken and written English and Chinese (fluency in Putonghua is preferable); and
Ability to work independently and under high pressure with self-motivation.