Our client is the leading Regional Conglomerate with businesses across Greater China Region. They have high standards on their IT operation and policies and due to the expansion of the business, we are looking for a driven leader to lead the IT Security and Risk Team and perform as the highest level executive dedicated to Information Technology Security and Risk Assessment. The right candidate will be responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are sufficiently protected. The successful candidate should possess good communication, interpersonal and problem solving skills.

Responsibilities: 

• Facilitate an information security and business continuity governance structure through the formation of an information security steering committee or advisory board.
• Provide regular reporting on the current status of the information security program to reduce IT risks, respond to incidents, established appropriate standards and controls.
• Create and manage a targeted information security awareness training program for all employees, contractors and approved system users throughout the organization.
• Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
• Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
• Create the necessary internal networks among the information security team
• Determine the information security approach and operating model in consultation with stakeholders to ensure alignment with business objectives.
• Conduct security compliance checks and audits
• Develop an information security and disaster recovery vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives.
• Develop and enhance an up-to-date information security management framework.
• Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and board levels.
• Ensure that all information owned, collected or controlled by or on behalf of the organization is processed and stored in accordance with applicable laws and other global regulatory requirements, especially data privacy, date security and cyber security.
• Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are included where applicable.
• Facilitate and support the development of information assets in cloud services.

Requirements: 

• Degree in IT or related discipline
• 10+ years of experience in IT Security and Risk with over 4 years of senior management experience
• Solid experience with strong knowledge in ISO27001
• Certified in CISSA, CISA, CISM
• Hands-on experience and strong knowledge in Cyber Security, Data Security and IT Audit
• Well spoken and written English and Chinese

This is an excellent opportunity if you are keen to pursue your career in one of the leading Conglomerates. If you are interested, please send us your CV or call 3972 5700 for a further discussion.