Our client is looking for passionate technology cybersecurity professionals with Governance, Risk and Compliance (GRC) management experience to be part of the Company’s Information Security team.

Qualified candidates are expected to:

• Define, manage and update the Company’s information security policies, standards, and processes in coordination with different business functions to protect infrastructure, business-critical data and customer information.
• Ensure policies are consistently applied across the Company and monitor adherence to the defined governance principles to ensure expected value is delivered.
• Develop and maintain relationships with Business and Technology stakeholders to understand current International Business Group (IBG) challenges, establish a GRC framework to manage risk and compliance levels.
• Work closely with Compliance, Data Privacy and Legal team on new project security reviews, including cybersecurity risk evaluation, assessment, treatment, monitoring to assure high risks are mitigated to acceptable level, and help stakeholders make well-informed decisions.
• Liaise with Compliance and various Technology teams on regulator inspection, external audit, security certificate programs, and internal audit projects to assure compliance with financial regulations
  Communicate and report to senior management, present security risks and recommendations in regional Risk Management Committees (RMC) and board meetings.

Requirements:

• BS/MS in Computer Science / Cybersecurity with 5 years and above relevant experience in cyber security or information technology risk management in the financial industry.
• Demonstrable experience in security compliance programmes.
• Experience maintaining information security standards and regulations such as PCI DSS, ISO27001, GDPR, PSD2, SWIFT CSP, and MAS TRM guidelines.
• Excellent relationship building and communication skills with the ability to engage people from diverse cultures and different levels.
• Strong stakeholder management skills, working across the South East Asia business and China teams to leverage knowledge and resources from this network to get things done.
• Good knowledge of cloud computing, networking, OS and its security aspects.
• Preferably with either CISSP, CISA, CRISC certification.
• Excellent command of both spoken and written English and Mandarin Chinese to communicate with our Mandarin speaking stakeholders.