Our client is one of the wealth management groups which offers insurance and financial services. They are now looking for a Senior Manager for their Technology Risk team.

Responsibilities

• Develop and manage security governance framework and risk portfolio, which follows company’ IT control policies and guidelines
• Define and establish operation processes for the management of identity’s life-cycle; user access and privileged ID usage, with the use of the state-of-the-art vendor solutions
• Provide information security consulting and advisory services to IT departments and business units
• Research and evaluate latest security landscape and emerging security technologies including enterprise mobility and cloud computing
• Review IT initiatives on technology risk perspective and establish and implement remediating security controls
• Provide governance and support over security tools including but not limited identity and access management (I&AM), data loss protection (DLP), network security, end point protection and vulnerability management
• Handle and coordinate cyber security assessments include vulnerability scanning, independent penetration test on IT infrastructure and applications
• Work with IT operation to monitor and report suspicious activity and support internal/external audit on compliance assessment and regulatory audit work
• Manage and coordinate security incident response, handling and investigation process,  communicate with regional offices, vendors and external parties on security matters
• Promote cybersecurity and data protection awareness across the corporation

Requirements

• Degree holder in Computer Science or Information Systems or related discipline
• Minimum 10 years of relevant experience in IT security / technology risk management, gained from other sizable multi-national and insurance companies is an advantage
• IT security certification is preferred (e.g. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA),  Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC))
• Solid understanding of IT security products and solutions
• Experience and practical knowledge on implementing information security frameworks or standards, such as ISO, SOC, COBIT, ITIL is a plus
• Knowledge of SailPoint IIQ and CyberArk
• Familiar with security control and technical knowledge in areas such as: Identification and Authentication, Access Control, Cyber Defence, Infrastructure security, Application security, Cryptography and Data Loss Prevention, Compliance & Vulnerability Assessment, Incident Response & Forensics
• Knowledge of PCI-DSS and experience in handling with IT Audit will be advantage

Interested parties please apply with CV with current and expected salary. All information is strictly used for recruitment purpose only.