Third Party Risk Assurance Manager - Mox
Standard Chartered
Hong Kong, Hong Kong

About Standard Chartered

We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation.

This in turn helps us to provide better support to our broad client base. As one of the biggest banks in the market, we are rapidly expanding by growing a new Virtual Bank - Mox in Hong Kong.

We see ourselves as a fast-growing start-up company where you will enjoy autonomy and teamwork at the same time, solving new and exciting problems in a nimble and agile way.

Join Mox and be part of history making for a brand new banking experience!

The Role Responsibilities

As a member of the Information Security Risk Office, you will act in a second line of defence role essentially covering 3rd party risk, cloud security assurance and other general risk management tasks.

  • Contribute to the design of the Bank's second line of defence in managing information & cyber security risk, encompassing the areas of strategy, governance, business engagement, policies, risk assessment and risk awareness
  • Review IT initiatives from information and cyber security risk perspectives, provide advice and recommendations, and perform 2nd line assurance reviews
  • Review regulatory requirements for information & cyber security and define / propose control requirements to mitigate relevant risks.
  • Propose policy adaptation when appropriate

  • Act as primary coordinator during significant information security events. Work with 1st line of Cyber Security to oversee incident investigations and ensure security risks are identified and managed
  • Advise the CISO in coordinating bank-wide cyber security programmes such as the business continuity programme, disaster recovery operations, impact analysis and training programmes for different business streams
  • Strengthen the review assessment process for new products and services, continuous monitoring of existing platforms and infrastructure, and follow-up actions
  • Regularly review cyber risk tolerance threshold.

Our Ideal Candidate

  • Solid experience in information & cyber security risk in a financial institution
  • Experience of ICS regulation (preferably HKMA)
  • Educational background in computer science, information security, or engineering is desirable
  • Familiarity with information and cyber security regulatory requirements and the three lines of defence risk model
  • Experience in the following areas is important: information security, cyber security, and technology risk management
  • Experience in the following areas is desirable: network and application security, data loss prevention, identity and access management, vulnerability management, business continuity programme and disaster recovery operation
  • Experience in Cloud Security Governance and related risk is highly desirable
  • Proficiency in MacOS environment is desirable
  • Capability to work independently and execute tasks in the assigned timeframe
  • Qualifications or certifications in ICS areas are important: CISM, CRISC, CISA, CISSP, CGEIT or other relevant certifications.