The Information Security Officer (ISO) plays a pivotal role in assisting the Chief Risk Officer and the Head of the Information Technology Department in providing the second line of defense for Cyber Security Risk Management.
The ISO is responsible for maintaining and enhancing the Information Security risk management framework within the context of the bank’s broader risk management framework.
This includes managing and mitigating risks related to cyber security, data, information, privacy, outsourcing, and information technology compliance. The ISO also engages with regulators to ensure the adequate protection of information assets and associated technology, applications, systems infrastructure, user processes, and third-party vendor usage.
- Risk Management Framework: Manage and improve the Information Security risk management framework in alignment with the bank’s risk management framework.
- Risk Mitigation: Identify, manage, and mitigate risks related to cyber security, data, information, privacy, outsourcing, and information technology compliance.
- Regulatory Engagement: Communicate with regulators to ensure the protection of information assets and associated technology, applications, systems infrastructure, user processes, and third-party vendor usage.
- Risk Assessment: Independently identify, assess, and aggregate cyber, technology, and resilience risks associated with internal and external events. This involves providing direction, training, and influencing the behavior of bank employees.
- Policy Oversight: Oversee the adoption and implementation of information security policies, technologies, mitigation programs, and related procedures to comply with regulatory and Parent Bank guidance.
- Information Security Governance: Assist the Head of IT in leading the information security governance team by identifying key threats to information assets, optimizing security policies and procedures, and developing a control program to proactively address threats.
- Incident Response: Coordinate and lead incident response activities, including escalation, investigation, and recovery from security incidents. Propose solutions to prevent future incidents.
- Vendor Security: Identify information security risks associated with vendors and third parties accessing Branch systems. Review and assess mitigating controls.
- Project Management: Manage Cyber Security improvement projects and mitigation programs to align with regulatory and Parent Bank guidance.
- Training: Develop and manage an information security awareness training program for employees and contractors, with metrics to measure its effectiveness.
Required Skills and Personal Attributes:
- Strong knowledge of information security best practices, standards, and frameworks (e.g., ISO/IEC 27000, NIST 800-53, PCI DSS).
- Understanding of technical infrastructure, networks, databases, and systems in relation to Information Technology Security and Risk Management.
- Proven experience in developing information security strategy, policies, and procedures.
- Ability to work independently, exercise sound judgment, and demonstrate planning, organizational, team leadership, and decisiveness skills under pressure.
- Strong interpersonal and organizational communication skills.
- Proficiency in information security applications and domain-specific knowledge.
- Proficient in spoken and written English, with working proficiency in Chinese sufficient to communicate effectively in both languages.
Qualifications You Need to Work in Information Security Management
- Bachelor of Science in Computer Science, Information Technology, Network Engineering, or Cyber Security (Advanced degree preferred).
- At least 5 years of related experience in financial services, including knowledge of regulatory rules in information security, cyber security, and IT.
- Prior experience in risk, information security management, operations, audit, or management consulting, preferably in a financial institution environment.
- Professional security management certification such as CISA, CISM, CRISC, and/or CISSP required.
Job Types: Full-time, Permanent, Fixed-term contract
Contract length: 12 months
Benefits of Working as an Information Security Officer
Benefits associated with Information Security Management play a crucial role in attracting and retaining talented professionals within an organization. These benefits not only enhance the well-being and job satisfaction of employees but also contribute to the overall success of the company.
Here’s an elaboration on the benefits commonly provided to Information Security Management professionals:
- Company Pension: A company pension plan is a retirement savings plan sponsored by the employer. It allows employees to save a portion of their income for retirement, often with contributions from the employer. Having a pension plan provides financial security in the later stages of an employee’s career and encourages long-term commitment to the company.
- Dental Care: Dental care benefits cover a range of dental services, including routine check-ups, cleanings, and treatments. Good oral health is essential, and dental benefits help employees maintain their teeth and gums, reducing the risk of oral health problems.
- Disability Insurance: Disability insurance provides financial protection to employees who are unable to work due to illness or injury. It offers income replacement during periods of disability, ensuring that employees and their families have financial stability in challenging times.
- Employee Assistance Program (EAP): EAPs offer confidential counseling and support services to employees and their immediate family members. These programs help employees deal with personal and work-related issues, such as stress, mental health concerns, addiction, or relationship problems.
- Extended Health Care: Extended health care benefits cover a wide range of medical expenses beyond basic healthcare, such as prescription drugs, specialist consultations, paramedical services (e.g., physiotherapy, chiropractic care), and medical equipment. This comprehensive coverage promotes overall health and well-being.
- Life Insurance: Life insurance provides financial security to an employee’s beneficiaries in the event of their death. It ensures that loved ones receive a lump-sum payment, helping to cover funeral expenses and providing financial support in the absence of the employee.
- Paid Time Off (PTO): Paid time off includes vacation days, holidays, and sick leave. It allows employees to take time off work with pay, promoting a healthy work-life balance and providing opportunities for rest and recuperation.
- Tuition Reimbursement: Tuition reimbursement programs support employees in pursuing further education or professional development. Employers often reimburse a portion or all of the costs associated with courses, degrees, or certifications relevant to the employee’s role. This benefit fosters continuous learning and skill enhancement.
- Vision Care: Vision care benefits cover eye examinations, prescription eyeglasses, contact lenses, and vision correction procedures. Maintaining good vision is important for overall health and productivity, making vision care benefits highly valuable.
In the context of Information Security Management, these benefits are particularly important as they promote the physical and mental well-being of professionals who play a critical role in safeguarding an organization’s sensitive data and digital assets.
Providing such benefits not only attracts top talent to the field but also ensures that employees are motivated, healthy, and capable of effectively managing and mitigating security risks. This, in turn, contributes to the organization’s overall security posture and success.
Schedule:
- Day shift
- Monday to Friday
Supplemental pay types:
- Bonus pay
- Overtime pay
Application questions:
- Did you major in Computer Science, Information Technology, Network Engineering, Cyber Security, or a directly related field?
- Is working on-site for a minimum of four days a week acceptable to you?
Education Required to Work as an Information Security Officer:
- Bachelor’s Degree (preferred)
- Information Security Management, cyber security, and IT: 5 years (preferred)
- CISA, CISM, CRISC, CISSP (preferred)