North Asia Security Operation & Project Support
Manage day-to-day security-related operational and project-related activities across the North Asia region (China, Hong Kong, Taiwan), such as Cybersecurity Incident and impact assessment, and act as a Security SME and consultant to projects throughout the SDLC and project lifecycle.
IT Security & Risk Management
Work within the Technology organization and ensure solid governance and management realm for information technology risk and security requirements.
Proactively identify / analyze and manage risks toward closure, and ensure that the organization manages risks efficiently.
Work with Governance / Compliance and Security Operation team and lead / guide them through overseeing the fulfilment of IT / IS standards & compliance requirements.
Support IT heads and senior leadership as a focal point of managing information technology risk including design of effective controls and implementation of relevant processes to minimize risk exposure
IT Audit and Compliance
Lead, manage and support the internal IT Audit handling methodology to ensure audit readiness, and handle the audit process where needed to drive audit success.
This includes, but is not limited to, IT / Cyber Security Audit / PCI-DSS Assessment by 3rd party, as well as internal and external IT related audits.
Manage management response and drive closure of IT / Cyber Security / other Audit findings with countries SRC members and IT / Business head
SAP and Enterprise Apps risk management
Overall governance of the SAP / Enterprise Apps SoD Matrix / Rulesets, i.e. Ownership of the SAP GRC functional Framework and Operational requirements of SAP Access Control System
Coordinate with Internal Audit to ensure SoD matrix is aligned with DF risks directive
Work with GRC System Administrator to ensure SAP Access Control System is aligned with SoD Matrix / rulesets
Coordinate with BPO to ensure mitigation controls are maintained and mitigation controls are periodically reviewed to ensure validity
Bachelor's degree holder or equivalent in IT or other related disciplines
7 or more years of experience in IT Risk & Security Management, Cyber Security and IT / Cybersecurity Audit.
Experience in developing and implementing governance and management policy / processes and programs is essential
Strong knowledge and hands-on experience in Security / privacy and compliance standards and framework (e.g., COBIT, NIST, ISO 27001, PCI-DSS, CIS)
Good knowledge of SAP roles design / authorization, SoD / Segregation / Separation of Duties and SAP rulesets and SAP-GRC.
Ability to learn and assimilate information quickly, apply risk control methods which impact multiple dimensions of Business, IT and subsequent downstream decisions
CISA, CISSP, CISM, and / or CCSP qualification or equivalent is preferred
Conversant in articulating technical terms in layman context
Good verbal and written English, Mandarin & Cantonese communication skills across all levels of personnel
High engagement and Can-do attitude
Good critical thinking, analytical and problem-solving skills with strong attention to detail and follow-ups
Ability to work with a high degree of independence
Maturity, sound judgement, negotiation skills, ability to influence, analytical talent and leadership are essential