Cyber Governance & Security Advisory Lead - Mox
Standard Chartered Bank
Hong Kong, Hong Kong

About Standard Chartered

We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation.

This in turn helps us to provide better support to our broad client base.

About Mox

As one of the biggest banks in the market, we are rapidly expanding by growing a new virtual banking business in Hong Kong. We see ourselves as a fast-growing start-up company where you will enjoy autonomy and teamwork at the same time, solving new and exciting problems in a nimble and agile way.

Join us and be part of history in the making for the future banking experience!

The Role Responsibilities

Provide cyber security leadership and expertise to effectively and efficiently ensure the ongoing confidentiality, integrity, and availability of systems and information.

  • Develop Technology & Security Policies, guidelines and procedures across the Technology Department
  • Provide key input in the delivery and maintenance of the cyber and information security framework, policies, and standards
  • Define and maintain the security control, strategy and framework
  • Coordinate steering committee to drive cyber and information security agenda
  • Implement controls to ensure compliance with internal policies and external regulatory requirements
  • Provide Cyber Compliance and Governance within the bank
  • Provide input, cyber risk assessments, cloud security assessments, and evaluation support of cyber security solutions, infrastructure, and projects
  • Consult on cyber implications of vendor and internally provisioned service integrations to our AWS environments.
  • Provide leadership and supervision of the internal control environment and escalate key risks to senior management
  • Ensure third-party risk management is compliant with internal and regulatory expectations
  • Ensure the internal control environment is safe and sound by way of developing remediation programs and risk treatments
  • Lead efforts to conduct periodic compliance testing and risk & control self-assessment
  • Participate in the planning and help drive the evaluation, documentation, and hands-on implementation of key security controls, processes, solutions, and infrastructure in order to prevent and mitigate information security risks
  • Work collaboratively with key development and IT operations stakeholders to establish and deliver a secure CI / CD pipeline
  • Identify opportunities to drive service quality, contain costs, improve service delivery, and security by conducting gap assessments and promoting / driving automation initiatives
  • Engage and collaborate with technology, business, and risk lines to ensure that risk items such as high impact changes are appropriately addressed and maintained in line with the risk management framework and risk appetite
  • Closely integrate with the business and provide stakeholders with front door cyber engagement and cyber consultative services for new initiatives. This may cover support with cyber related queries, regulatory, and lines-of-risk control objectives

  • Coach and mentor security and / or other staff members to allow them to develop their risk and security knowledge to become more rounded Cyber Security and risk professionals

Our Ideal Candidate

10+ years' experience in technology / IT / security and consulting / advisory related positions, including time spent in IT Governance, Cyber & Technology Risk Management.

You should be able to demonstrate:

  • Expert IT Governance, Technology Risk Management and Cyber Security knowledge and experience
  • Deep understanding in regulatory requirements, technology operations, processes and digital banking business
  • Deep understanding of information & cyber security and in-depth experience in managing internal control environment
  • Possess strong interpersonal and communication skills and display initiative to lead discussions with operational staff at all levels, business leaders and colleagues
  • Successful track record of driving Governance, Cyber Risk and Compliance Programs
  • Sound knowledge of application security, information security, and risk management frameworks, such as OWASP, NIST, ISO / IEC 27001, and ITIL.
  • Candidates with global regulatory knowledge and good understanding of Cloud Controls are preferred.

  • Excellent written and verbal communication skills, proactive, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
  • Ability to act calmly and competently in high-pressure, high-stress situations. Must be a critical thinker, with strong problem-solving skills and analytical skills.
  • The ability to manage multiple projects under strict timelines.

  • Ability to lead and motivate the information security team to achieve tactical and strategic goals, team player mentality

Apply now to join the Bank for those with big career ambitions.

To view information on our benefits including our flexible working please visit our career pages. We welcome conversations on flexible working.

