Grey Anderson Limited
Hong Kong
5-8 years
Not Specified

Job Description

Job Description :
  • Development and implement of cybersecurity and tech risk management process and framework
  • Enhancing current risk practices and the establishment of a risk framework
  • Ensuring risk including applications, systems, networks and digital assets are protected, monitored and managed effectively
  • Align risk appetite and the required processes within the business
  • Interface with audit, including internal and external, to ensure full engagement is well managed
  • Play a multi-faceted support role to provide reasonable assurance and compliance effort that the system of internal controls as established and to identify any areas for improvement
  • Develop risk management practices and create risk registers
  • Conducts risk assessment which can estimate the risks affecting the organization
  • Identify and capture risks and exceptions and subsequently monitor, track and manage them
  • Promote security awareness with risk culture mentality
  • Manage risk & controls library, impact thresholds, risk reporting and controls testing
  • Inform technology risk and compliance requirements across Technology and the businesses
  • Support vulnerability management prioritization
  • Establish 3rd party risk management capabilities
  • University degree in Engineering, Computer Science, or related disciplines
  • 5-8 years relevant information security, IT audit, working experience, especially in the technology risk security
  • Experienced with risk based assessment methodologies
  • Professional security qualifications CISA, CISSP, CRISC etc. are preferred
  • Sound knowledge of regulatory compliance practices, standards and methodology
  • Knowledge in process and standards ISO27000, 31000, NIST (SP) 800 series, COBIT are preferred
  • Strong and working knowledge of audit control framework, IT general controls, cybersecurity risk, tech risk
  • Strong knowledge base in operations, enterprise networking, operating systems and database security risk controls
  • Broad security and technology knowledge including DevOps and cloud infrastructure and IT general controls
  • Familiarity with audit engagement and consulting background in IT security, IT audit or compliance are preferable
  • Strong interpersonal, management, negotiation and presentation skill
  • Ability to work independently and in a team-oriented, collaborative environment
  • Working expereince in technical writing, including assessment reports, presentations, and policy, standard and procedures
  • Good communication and presentation skills, in both spoken and written English, Chinese and Cantonese

Similar Jobs

People Also Considered

Career Advice to Find Better