Job Description:
Job Description:
The MLST Information Security Officer reports directly to the Regional Information Security Officer and work closely with the country management. In this role, you will be providing guidance on various complexity of security issues to the country stakeholders to ensure IS local regulations, GIS policies and standards are adhered to and IS risks are mitigated.
The MLST Information Security Officer utilizes in-depth technical / project knowledge, plus the understanding of business requirements, and closely follows bank’s risk management framework, to influence and build a security aware culture and embed security into all layers of business processes to meet customer / client needs while protecting the Bank's assets.
Responsibilities:
- Serve as the local point of contact of all information security matters, including control enforcement, incident management, governance, compliance, and third-party risk management.
- Manage local audit and regulatory engagements impacting Global Information Security.
- Drives country-specific control implementations or special programs, where deemed necessary based on risk assessments or local regulatory requirements.
- Provide information security guidance and support to the country management and local business in risk assessments and implementation of appropriate information security procedures and controls with consideration to applicable policy and regulatory requirements.
- Monitor existing and proposed security policies, standards, and local regulations; Identifies and escalates changes that will affect information security policy, standards, and procedures.
- Deliver information security awareness trainings to employees in accordance with local regulations and business needs.
- Monitor internal and external information security trends, keeps local leadership and regional/global GIS teams informed about information security-related issues and activities affecting the local entity.
- Partner with information security officers in the region to enhance country governance model and deliver on other regional initiatives to ensure a consistent risk management approach across the region.
- Represent the Bank in meetings and conferences with regulators and industry partners; Maintain good relationship with external stakeholders.
Skills:
- 5+ years of information security risk management experience with proven ability to manage challenging business situations.
- Good working knowledge of governance, risk management and compliance routines and control processes.
- Familiar with country laws and regulatory requirements relating to information security and privacy, industry best practices, and their impact to the business.
- Strong communication skills and experience with managing senior stakeholders in in both English and Chinese; Strong business writing skills in both English and Traditional Chinese.
- Hold relevant professional certificates recognized by local authorities.
- Good understanding on Global Markets business and technology is an advantage.