My client is a global insurance firm that emphasizes high-quality information security, compliance and IT security risk management strategy and services to enable delivery of solutions and services to the business. The Information Security Consultant is primarily responsible for the overall information security governance in Hong Kong and China.
- Provide overall information security governance and maintain a good understanding of IT security controls in HK & China business units
- Collaborate with the Risk Management team to assess Cyber risk exposure for business units (BUs) and share the Regional and BU-level IT security dashboard to help management understand the IT security risk exposure
- Engage the business units to perform various kinds of assessments and drive remediation, including Cloud Security assessments, Vendor assessments, Business / IT application assessments, Regulatory assessments, IT Compliance assessments, IT Risk assessments, Themed Security Reviews, etc.
- Collaborate with internal stakeholders to ensure application security controls are implemented throughout the application development life-cycle
- Facilitate the Global Security Awareness & Education initiatives and drive the programs at BU level
- Coordinate and facilitate IT Security incident response and forensic investigations
- Communicate Cyber threat alerts to the BUs and ensure the actions recommended by the Global Cyber Threat Intelligence team are completed at BU level
- Minimum 4 years of relevant experience in Information Security
- Qualification in CISSP, CISA, CISM is preferable
- Ability to communicate security-related concepts to a broad range of technical and non-technical staff
- Good understanding of operating system platforms and security models, and a holistic set of IT technologies and processes (operating systems, databases, networking, web/application, change management, SDLC, disaster recovery, monitoring, help desk, etc.)
- Proficiency in both spoken and written English and Chinese