Business Information Security Officer

Job Title: Business Information Security Officer
Contract Type: Permanent
Location: Hong Kong, Hong Kong
Salary: Bonus
REF: 19062019_1560937331
Contact Name: Rita Yu
Contact Email:
Job Published: 4 months ago

Job Description

A global leading insurer is looking for a Business Information Security Officer to join their fast-growing team in the regional office. Successful candidate will be able to develop his or her across different business functions in an international work environment.

Your role:

  • Engage with Business/IT to perform Information Security, Risk & Compliance assessments and drive remediation actions
  • Actively maintain good understanding and governance on IT security controls in Hong Kong and China business units
  • Collaborate with Risk Management to assess Cyber risk exposure for BUs
  • Collaborate with Business/IT to ensure application security controls are implemented throughout the application development life cycle
  • Validate security metrics provided by Group and drive remediation actions to fix security control gaps, e.g. security vulnerabilities, coverage of security technologies, application security, technical control compliance, etc.
  • Share Regional & BU level IT security dashboard to help BU management to understand IT security risk exposure and provide security consultancy on business, IT and projects
  • Facilitate the Global Security Awareness & Education initiatives at the BU level and drive the relative programs in the region
  • Coordinate and facilitate the IT security incidents response and forensic investigations
  • Communicate the Cyber threat alerts to the BUs and ensure the Global Cyber Threat Intelligence requests are fulfilled

Your Skills and Experience:

  • Minimum 8 years of professional experience in information security
  • Qualification in CISSP, CISA and CISM is an advantage
  • Good understanding of holistic set of IT technologies and processes, e.g. operating systems, databases, networking, web/application, change management, SDLC, disaster recovery, monitoring, help desk, etc.
  • Strong influencing skills with ability to communicate security-related concepts to a broad range of technical and non-technical staff for all levels
  • Excellent communication skills in both written and spoken English, Mandarin and Cantonese

To quickly apply, please kindly send your updated CV to this email: for a confidential chat.