Information Security Officer
Job Description
The Information Security Officer (ISO) is responsible for managing the Information Security and Data Privacy Program, serving as the Single Point of Contact (SPOC) for all second-line functional activities related to confidentiality, integrity, availability, privacy, and recovery of information. The ISO will ensure compliance with regulatory requirements and implement adequate security controls across Hong Kong and China business units. The role involves planning, implementing, monitoring, and reviewing the information security program in consultation with the Head Office Information Security team.
Job Requirements
Review and maintain Security and Data Privacy policies, standards, and procedures for Hong Kong & China business units.
Develop and update local Data Privacy policies in alignment with regulatory and organizational requirements.
Ensure compliance with relevant regulations, including HKMA Standards, HK PDPO, TMG1, TMG2, SA-2, BYOD requirements, CBIRC, and other local guidelines.
Regularly review new regulatory legislation and promptly communicate updates to relevant stakeholders.
Act as a liaison between local business units, IT, Compliance, and Group Information Security for planning, implementation, and review of security programs.
Support Head Office during regulatory examinations, audits, and compliance-related activities.
Perform Technology Risk Assessments, RCSA, and Third-Party Risk Assessments.
Oversee tracking and closure of security, BCM, and privacy-related audit findings.
Monitor open issues with IT and other international SPOCs for Hong Kong, China, and APAC regions.
Provide support to CSIRT for information security incidents and data breach handling.
Assist in internal and external audits and track remediation actions. Participate in digital forensic investigations in coordination with Fraud Risk and Information Security teams.
Review dashboards and Security MIS related to patching, vulnerability assessments, penetration testing, baselines, and endpoint security controls.
Track compliance for data privacy and protection controls.
Prepare and submit KPIs and KRIs for information security processes.
Govern the security awareness program for regional staff, including offshore development centers.
Provide SLOD oversight and support the business unit in implementing BCM programs in alignment with local regulations and Group practices. Review BRDs, Solution Designs, and Concept Designs for security compliance.
Assess and review change requests and security exceptions for the region.
Qualifications and Experience:
Bachelor’s or Master’s degree in Engineering/Technology or equivalent.
Minimum 3-5 years of experience in Information Security, IT Security, or IS Audit.
Expert knowledge of Information Security domains, including regulatory compliance management.
Familiarity with HKMA and CBIRC guidelines on cybersecurity, business continuity, and data privacy.
Technical Competencies:
Strong understanding of cybersecurity frameworks and principles.
Proficiency in technology risk assessments, vulnerability assessments, and security monitoring.
Experience in developing and implementing security awareness programs.
Knowledge of BCM frameworks and incident response processes.
Skills & Competencies
TRA, RCSA, CSIRT, BCM, HKMA standards, HK PDPO, TMG1, TMG2, SA-2, CBIRC
Number of Vacancies:
2
Minimum Years of Experience:
3 to 5 Years
Salary:
HK$25000 to HK$40000
To apply please fill in the form below or send your resume to [email protected]
Please indicate your availability and expected salary.