Senior Risk Security Expert
- Not disclosed
- Hong Kong Hong Kong Hong Kong HK
- Contract, Full time
- 19 Jun 18 2018-06-19
Founded in 2014, Keyteo Consulting is a company specialized in organization and information system management that work with its clients as they outsource their projects in innovation, as well as research and development. Our purpose is to improve the innovation, competitiveness and performances of our clients. We contribute to all the key steps in our clients’ project lifecycles, from an analysis of the needs through implementation and industrialization. For one of our client, Keyteo Hong Kong is looking for a Senior Risk Assessment ;
In alignment with the Head of ROCS Information Security, Asia Pacific to ensure Global Banking & Investor Solutions’ (GBIS) Information Risk & Security coverage strategy.
This role acts as a subject expert and part of the regional team managing Cybercrime, Application Security, Identity Management, Technical surveillance and response to Security Incidents.
In specifics of areas coverage includes:
Contribute to projects initiated by Paris head office or the regions.
Handling of regulators across the region as well as lateral peer groups including Computer Security, Human Resources, Legal, Compliance and front office. Where required, the candidate will assist in senior management meetings and communication.
Participation in Committees
Participate to the regular functional meeting with the global and aligned team,
Participate to the stand-up delivery meeting every morning,
(Incident related) Participate to the weekly Incident Review meeting of ROCS Asia.
Participate on need basis to global forums (Control Review Board, global Security Incidents, Investigations, tool related meetings),
Participate to the IT partner projects kick-off meeting (aka “routing meeting”)
Key Skill Areas & knowledge Required
• Strong understanding of I.T. infrastructure and I.T. applicative framework architectures,
• Strong background of Information and Computer Security,
• I.T Production awareness and ability to understand complex issues quickly and set priorities according to technical as well as strategic considerations,
• Excellent English verbal and written communication skills, experience of influencing at senior organizational levels, up to and including MD level,
• Sense of service; results orientation; reactivity,
• Innovative and bringing new ideas to improve processes
• Perform software security testing at a unit, functional, and system wide level,
• Risk Assessment
• Assess application criticality and to ensure security reviews are professionally managed, in accordance with existing application security policies and standards
• Perform information security risk assessments which includes project review, assessment of offshoring agents and services, security exception management, ad hoc spot checks of risky areas as well as other security controls
Incident Response / Investigation
• Manage the investigation function regionally, by executing sensitive enquiries relating to Information Security breaches (and fraud, when required) in the region.
• This will involve working across various stakeholder groups, including control functions and law enforcement. Also included is the management of the Bank’s cyber attack response protocol and following up on other suspicious activity generated by the detection system.
Remediation / Awareness
• Provide Information and Cyber Security training to our business partners to reinforce the information security awareness knowledge and mindset.
• Put Cyber criminality and protection awareness at the heart of the relationship with peers and partners,
Projects / Regulation
• Contribute to projects initiated by Paris head office or the regions.
• Handling of regulators across the region as well as lateral peer groups including I.T. Security, Human Resources, Legal, Compliance and front office. Where required, the candidate will assist in senior management meetings and communication.
• Contact point for regulatory requirements review and discussion
Participation in Committees
• Regional and global governance meetings and normative committees where required, e.g. Asia ITEC ORC, Paris ISEC Board, etc.
• Regular governance committee between ROCS and RESG/GTS Asia
• Daily team stand-up meeting
• Regular operational committee of integration projects
• Participation of various IT initiatives, e.g. Digital Transformation program
• Bachelor Degree in Information Technology or equivalent,
• Professional qualification mandatory : ITIL, CISM, CISSP,
• Seasoned professional with exposure to IT and Information Security regulations
• Experience in normative security
• Excellent communication skills and fluent in English,
• Experienced Security Expert with a minimum of 10 years of experience.