IT Risk and Security Manager
Quarry Bay, Hong Kong
source : Dairy Farm

The Job

North Asia Security Operation & Project Support

  • Manage day-to-day security-related operational and project-related activities across North Asia region (China, Hong Kong, Taiwan), such as Cybersecurity Incident and impact assessment, and act as a Security SME and consultant to projects throughout the SDLC + project lifecycle

IT Security & Risk Management

  • Work within the Technology organization and ensure solid governance and management realm for information technology risk and security requirements.
  • Proactively identify / analyze and manage risks toward closure, and ensure that the organization manages risks efficiently.
  • Work with Governance / Compliance and Security Operation team and lead / guide them through overseeing the fulfilment of IT / IS standards & compliance requirements.
  • Support IT heads and senior leadership as a focal point of managing information technology risk including design of effective controls and implementation of relevant processes to minimize risk exposure

IT Audit and Compliance

  • Lead, manage and support internal IT Audit handling methodology to ensure audit readiness, handling the audit process where needed to drive audit success.
  • This includes, but is not limited to, IT / Cyber Security Audit / PCI-DSS Assessment by 3rd party, as well as internal and external IT related audits

  • Manage management response and drive closure of IT / Cyber Security / other Audit findings with countries SRC members and IT / Business head

SAP and Enterprise Apps risk management

  • Overall governance of the SAP / Enterprise Apps SoD Matrix / Rulesets, i.e. Ownership of the SAP GRC functional Framework and Operational requirements of SAP Access Control System
  • Coordinate with Internal Audit to ensure SoD matrix is aligned with DF risks directive
  • Work with GRC System Administrator to ensure SAP Access Control System is aligned with SoD Matrix / rulesets
  • Coordinate with BPO to ensure mitigation controls are maintained and mitigation controls are periodically reviewed to ensure validity

The Person

  • Bachelor Degree holder or equivalent in IT or other related disciplines
  • 7 or more years of experience in IT Risk & Security Management, Cyber Security and IT / Cybersecurity Audit.
  • Experience in developing and implementing governance and management policy / processes and programs is essential
  • Strong knowledge and hands-on experience in Security / privacy and compliance standards and framework (e.g., COBIT, NIST, ISO 27001, PCI-DSS, CIS)
  • Good knowledge of SAP roles design / authorization, SoD / Segregation / Separation of Duties and SAP rulesets and SAP-GRC.
  • Ability to learn and assimilate information quickly, apply risk control methods which impact multiple dimensions of Business, IT and subsequent downstream decisions
  • With CISA, CISSP, CISM, and / or CCSP qualification or equivalent is preferred
  • Conversant in articulating technical terms in layman context
  • Good verbal and written English, Mandarin & Cantonese communication skills across all levels of personnel
  • High engagement and Can-do attitude
  • Good critical thinking, analytical and problem-solving skills with strong attention to detail and follow-ups
  • Ability to work with a high degree of independence
  • Maturity, sound judgement, negotiation skills, ability to influence, analytical talent and leadership are essential