Cybersecurity - Technology Risk & Regulatory Management

KPMG Services Pte Ltd
13 Aug 2017
17 Aug 2017
KPMG Cybersecurity professionals assist clients to address their concerns around Confidentiality, Integrity, Availability and Privacy of their technology, business systems, and information assets.

Using a holistic view of how Technology and Business integrate, the Cyber team performs technology-risk focused assessments, technology compliance, IT/operational process reviews, and design of information risk & cyber security solutions.

Join a growing team that assists clients with managing one or more of the following areas:
• Ethical Hacking - this discipline covers vulnerability assessment, application and network penetration testing, wireless security, mobile security, and system security testing.
• Cybersecurity Risk & Governance - this discipline covers designing and implementing Cybersecurity frameworks; Cyber maturity assessments; organisational design for Cyber Security; Cloud security; design and rollout of cyber security processes such as Incident Management, Intrusion Detection, and Security Monitoring.
• Technology Risk and 3rd Party Cyber Risk - this discipline covers IT-Business related consulting over how an organisation manages technology risk and governs its outsourcing. This involves review, re-design and implementation of controls over the 3rd party organisation's IT environment. Topics include system development, project management, business or IT outsourcing, business continuity management, information security, incident management, user access management.
• Cyber Business Continuity, Disaster Recovery & Crisis Management - this discipline covers building business and technology resilience against cyber-attacks, and creating and testing Cyber Incident Response Plans around typical cyber-attack scenarios. It also covers consulting based on regulatory requirements around BCM and Crisis Management and on international standards.

Cyber team members regularly interact with C-Suite clients, such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Information Officer (CIO), Chief Operating Officer (COO), Chief Risk Officer (CRO) and their direct reports. Hence, a client centric mind-set, understanding of IT within a Business context, and well-developed communication skills are desirable.

Cybersecurity Technology Risk & Regulatory specialist:
The role involves delivering Technology Risk and Regulatory Compliance (covering the design and implementation of controls to address the people, process and technology risks) projects across the region, and working closely with our team of IT Risk & Regulatory professionals.
You will assist clients with managing their IT risks and implementing improvements to IT processes and controls to better manage overall IT risks. Provide clients with consultancy concerning IT Risk Management topics covering IT governance frameworks, application/infrastructure controls, system resiliency (Disaster Recovery), IT security governance & controls, data protection/privacy/classification, user access controls, SDLC controls, change management, problem management, incident management, help desk, IT production & computer operations management. Special focus on application, database, OS level control configurations.

A special focus area is technology project risk management (pre & post implementation). Applicants will apply their knowledge of IT best practice standards/ISO standards or IT regulations to help clients better manage their risks.

The successful candidate will have the following responsibilities:
• working in a collaborative team to deliver IT governance & risk, IT regulatory and compliance advisory services, as well as to implement key information security solutions
• identifying and resolving complex issues and developing innovative solutions for clients
• supporting the development of recommendations and presentations for client engagements
• working with high profile clients on a variety of local and international engagements

Personality traits leading to a good fit into the team include independence, innovative and resourceful thinking with strong interpersonal, organisational, presentation and report writing skills. A naturally inquisitive mind with an ability to think "outside the box" is preferred.

The role involves:
• Planning and executing the day-to-day activities of IT Risk engagements for a variety of clients, including reviews of application controls, systems development, and IT platforms (databases, servers, operating systems)
• Evaluating the design and effectiveness of technology management controls and IT governance & risk management practices supporting the client's business and operations
• Supervising and providing performance management for IT audit staff working on assigned engagements
• Identifying and communicating gaps to senior management and clients, as well as providing advice on IT performance improvement opportunities for clients

The ideal candidate should demonstrate the following:
• Technical applied experience working in one or more of these domains - IT Risk Management, IT Audit, IT Security, IT Governance, or IT Regulations (MAS, HKMA, US and UK Regulators)
• Have a good working knowledge of information security principles, techniques and standards
• Knowledge of the systems development lifecycle, information security, and IT management
• Soft skills - communication (written & verbal), client-centric, strong analytical & problem solving skills, team player
• Prefer banking or insurance industry experience
• A recognised degree in a Technology related field, such as Information Technology, Commerce/Business with major in Information Systems, Computer Science, or Engineering (Electronics/Computer), or related disciplines
• Recognised certification in an IT Risk or Business related field (desirable but not mandatory): CISA, CRISC, CISM, CISSP, PMP, CPA
• Minimum 3 years of relevant experience for Senior Associate
• Minimum 4 years of relevant experience for Assistant Manager