A highly diversified and global corporation. Our Cybersecurity team is now inviting candidates to apply for the following position:
Responsibilities:
- Develop, implement, and update security policies based on designated framework, emerging cyber threats, and industry best practices
- Lead the information security compliance program across Group, and establish appropriate cybersecurity framework
- Collaborate with operating companies and Group Internal Audit, to track and remediate security risks, and to report security compliance issues through security dashboard
- Build and implement security awareness program to communicate security policies, and develop information security training plans and awareness activities for Group
- Lead the creation, procurement, and delivery of awareness deliverables and learning content for Group
- Manage the creation and procurement of vendor security risk and compliance platform
- Monitor performance of vendors, and identify and escalate any associated security risks
- Work with Risk Management to manage cyber insurance program for Group, and ensure a comprehensive coverage of cyber insurance policy
Requirements:
- Bachelor's degree in Information Security Management, Computer Science and Technology, Network and Telecommunication, and Information Systems Management
- 10+ years of cybersecurity working experience, with at least 3 years in security governance and compliance
- Proven track record in developing security policies, and leading audit and compliance program
- Sound experience in vendor management, and security awareness training delivery
- Strong understanding about security framework, such as NIST CSF, ISO 27001/2/5, CIS
- Attainment of certificates, e.g., CISSP, CRISC, CISA, CISM, would be preferred
- Excellent communication skills in both written and spoken English and Chinese. Fluent Putonghua is desirable