Information and Cyber Security Risk Manager

Job Description

*About Mox Mox is built by and for the ones who aspire to live life to the fullest we call them Generation MoxThe name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration it s all up for us to define together. Why Mox Mox helps you grow your money, your world, your possibilities. We equip you with the financial management tools, information and insights you need to make your dreams, big or small, come true. Everything at Mox from our products, features, to rewards is designed based on customer research, tailor made for your needs. We care about what customers care about, especially in data security and privacy. Data ethics is core to everyone here at Mox. Mox rewards you with an array of banking and lifestyle benefits. Who says banking can t be fun Who are we looking for The Mox Chief Information Security Risk Officer (CISRO) organization is instrumental in protecting and ensuring the resilience of the virtual banks data and IT systems by managing information and cyber security (ICS) risk across the enterprise.As the 2 nd man in charge - directly reporting to the Chief Information Security Risk Officer for the Bank, this role is accountable for ensuring and strengthening the Bank s control for ICS risk. The successful candidate will manage the second line control environment to protect the Bank. Keeping abreast of market trends and regulatory requirements, the successful candidate will continuously manage and improve the ICS risk framework for the Bank.Responsibilities
• Direct the design of the Bank s second line of defense in managing ICS risk, encompassing the areas of strategy, governance, business engagement, policy, risk assessment, and awareness/training.
• Understand regulatory requirements for information and cyber security and define control requirements to mitigate relevant risks.
• Work with First Line Cyber Security to oversee incident investigations and ensure security risks are identified and managed.
• Support CISRO in participating in firmwide cyber security program such as business continuity program, disaster recovery operations, impact analysis and awareness/training program for different business streams.
• Support CISRO in representing the Bank on internal and external information and cyber security committees.
• Establish and review assessment processes for: 1) new products and services; and 2) the continuous monitoring of existing platforms and infrastructure.
• Establish and review appropriate cyber risk tolerance thresholds and follow-up actions.
Requirements
• Over 15 years aggregate industry experience in IT Security, Information and Cyber security risk - mandatory
• Experience of ICS regulation (preferably HKMA and SFC)
• Educational background in Computer Science, Information Security, or Engineering.
• Familiarity with information and cyber security regulatory requirements and the three lines of defense risk model.
• Strong knowledge of cyber security frameworks, information security principles, architecture, and cryptography.
• Familiarity with NIST cyber security framework, NIST information security principles, ISO/IEC 27000-series is preferred
• Experience in the following areas is important: Information Security, Cyber Security, Technology Risk Management and Cloud Security.
• Experience in the following areas is desirable: Network and application security, data loss prevention, data encryption, identity and access management, vulnerability management, business continuity program and disaster recovery operation.
• Proficiency in MacOS environment.
• Professional Certifications such as CISSP, CISM, CRISC, CISA or equivalent.
• Influencing skills and ability to manage relationships with senior management.
• Excellent written and oral communication, and reporting skills.
,

Keyskills :
risk managementbankingriskcustomer relationscompliancedata loss preventionit securitydata securitysecurity riskcyber securityrisk assessmentloss preventiontechnology risk