We are seeking an individual to join our global Information Technology Risk & Controls team to provide second line of defense oversight and governance over corporate Information Security for China and the greater APAC region.
This role will be a key member of the firmwide IT Risk & Controls team, working with other global representatives to develop standards, processes, and controls at both the local and corporate level, as well as developing processes to monitor the effectiveness of those controls for the local and other APAC regional offices. As part of this role, you will be exposed to some of the latest technologies and approaches.
- Oversight of the implementation of our Information Security and Technology Risk & Controls programs for our APAC Affiliates.
- Lead risk assessment processes for APAC Affiliates and as part of broader global assessments.
- Regular reporting to and support of the APAC office boards and risk committees
- Regular review of Information Security and Information Technology incidents, reported locally or by outside parties used to provide services, to assess potential impact to the office and report findings to senior leaders
- Monitoring the adequacy and effectiveness of internal control activities, performing an in-depth analysis of any areas of increasing risk, and escalating areas of concern to senior leaders
- Helping to define and further develop risk management frameworks which are relevant to China and the other APAC offices
- Ensuring intragroup service agreements meet APAC IT and Information Security requirements
- Representing the APAC offices’ interests in firmwide committees and working groups
- Development of Key Risk Indicators
- Assist in the design and development of processes and controls to manage risks, inclusive of disaster recovery and business continuity planning
- Develop and deliver Information Security Awareness training across APAC
- Maintain documentation for all local office guidelines, assessments, and reviews
- Alignment with local Compliance function to understand all relevant laws and regulations with regard to information security and information risk for China and the greater APAC region
- A minimum of 5 years’ experience in an Information Security or Information Technology Risk & Controls discipline
- Previous experience assessing, documenting, and communicating Information Security and Information Technology Risk to senior leaders, risk committees and boards
- A strong understanding of, and proven experience working with, regulatory requirements in China, Hong Kong, Singapore, and other APAC regions
- Previous experience leading a second line of defense risk management function
- CISSP, CISA, CRISC, CISM, or CGEIT certification, or proven experience in Information Security and Information Technology risk management (including cyber security, data security, and personal information protection), is required
- Ability to function independently and as part of a global team that performs similar functions for EMEA and the Americas.
- Excellent oral and written communication skills in Mandarin and English, with a proven ability to effectively interact with teams representing a wide variety of technical and business disciplines.