About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation.
This in turn helps us to provide better support to our broad client base. As one of the biggest banks in the market, we are rapidly expanding by growing a new Virtual Bank - Mox in Hong Kong.
We see ourselves as a fast-growing start-up company where you will enjoy autonomy and teamwork at the same time, solving new and exciting problems in a nimble and agile way.
Join Mox and be part of history making for a brand new banking experience!
The Role Responsibilities
As a member of the Information Security Risk Office, you will act in a second line of defence role essentially covering 3rd party risk, cloud security assurance and other general risk management tasks.
Contribute to the design of the Bank's second line of defence in managing information & cyber security risk, encompassing the areas of strategy, governance, business engagement, policies, risk assessment and risk awareness
Review IT initiatives from information and cyber security risk perspectives, provide advice and recommendations, and perform 2nd line assurance reviews
Review regulatory requirements for information & cyber security and define / propose control requirements to mitigate relevant risks.
Propose policy adaptation when appropriate
Act as primary coordinator during significant information security events. Work with 1st line of Cyber Security to oversee incident investigations and ensure security risks are identified and managed
Advise the CISO in coordinating bank-wide cyber security programmes such as the business continuity programme, disaster recovery operations, impact analysis and training programme for different business streams
Strengthen the review assessment process for new products and services, continuous monitoring of existing platforms and infrastructure and follow-up actions
Regularly review cyber risk tolerance threshold.
Our Ideal Candidate
Solid experience in information & cyber security risk in a financial institution
Experience of ICS regulation (preferably HKMA)
Educational background in computer science, information security, or engineering is desirable
Familiarity with information and cyber security regulatory requirements and the three lines of defence risk model
Experience in the following areas is important: information security, cyber security, and technology risk management
Experience in the following areas is desirable: network and application security, data loss prevention, identity and access management, vulnerability management, business continuity programme and disaster recovery operation
Experience in Cloud Security Governance and related risk is highly desirable
Proficiency in MacOS environment is desirable
Capability to work independently and execute tasks in the assigned timeframe
Qualifications or certifications in ICS areas are important: CISM, CRISC, CISA, CISSP, CGEIT or other relevant certifications.