- Execute and refine the monitoring framework and mechanisms for technology risk and information security, which are developed and operated by a third-party Delivery Partner.
- Implement and enhance the governance framework to ensure compliance with regulatory requirements and best practices, particularly in benchmarking the Delivery Partner’s deliverables.
- Lead and drive security risk assessment and security tests.
- Ensure policies and procedures are properly enforced and monitored to achieve governance objectives.
- Oversee the Delivery Partner’s technology risk and information security work, including developing reporting metrics, risk assessments, incident tracking, and ensuring timely remediation of identified risks.
- Oversee security risk assessments, red team tests, and compliance assessments related to the Platform.
- Degree holder in Computer Science / Information Security or related disciplines;
- Minimum 10 years of relevant experience in multiple areas including technology risk, information security, cyber security, regulatory compliance in a financial services and/or public sector environment with 2+ years at managerial level;
- Relevant security management and IT audit qualifications, e.g. CISM, CISSP, CISA, CRISC or equivalent;
- Good knowledge of PDPO, ISO 27001 and general compliance as well as infrastructure and applications;
- Hands-on experience in development and application of risk management tools, e.g. KRI, risk controls assessments, risk register, etc.
- Good vendor management experience for large-scale projects;
- Good command of both spoken and written Chinese and English.
