Your new company
Large Non Profit Organisation
Your new role
• Prioritise supporting and implementing the direction set by security management.
• Improve current procedures for reducing cyber threats and establish a risk framework.
• Coordinate risk appetite and make required business process adjustments.
• Support and deliver a programme to refresh knowledge of security compliance and governance.
• Adhere to and put into effect best practices for risk management, including the use of risk registers, issue management, a library of risks and controls, impact thresholds, risk reporting, controls testing, and security governance.
• Determine the risks associated with IT and business initiatives and activities based on policy, standards, technological compliance requirements, and best practices.
• Ensure that risk-reduction security measures are effectively implemented.
• Ensure that acceptance of risk exceptions is adequately controlled, validated in a timely manner, and escalated where required.
• Produce reports on the state of security for senior management.
• Participate in third-party risk management, and support and oversee audit activities.
• Take part in and make a constructive contribution to fostering a culture of inclusivity, diversity, and respect. Participate actively in initiatives across teams, divisions, and departments and serve as a role model for teamwork.
What you'll need to succeed
- University degree or above in IT, Management Information Systems, cybersecurity and/or risk and compliance.
- At least 5-8 years of experience in IT technical and audit roles, including 3-5 years of hands-on experience in technology risk assessment and security compliance.
- CISA, CISSP, CRISC or equivalent is preferable.
- Experience in adopting risk-based assessment methodologies and engaging audit counterparts.
- Knowledge of ISMS, ISO 27000, ISO 31000 and other major information security frameworks and practices, e.g. NIST and COBIT.
- Strong knowledge of audit control frameworks, IT general controls, cybersecurity risk and technology risk (including infrastructure, cloud and application security).
- IT background covering operations, enterprise networking, operating systems and database security risk controls.
- Sound knowledge across DevSecOps, cloud security, PII protection, GDPR and cybersecurity laws in China.
- Strong problem-solving, risk management and analytical skills.
- Strong interpersonal, management, negotiation and presentation skills.
- Experience in performing risk assessment and evaluation.
- Experience in reporting the most significant risks to the business in a form tailored to IT and business stakeholders.
- Consulting background in IT, cybersecurity and/or IT audit and control compliance.
- Competence in engaging senior colleagues on the technology and cybersecurity risk, audit and compliance agenda.
- Experience in building and promoting risk awareness amongst IT and business staff by providing support and training within the company.
- Ability to manage multiple priorities effectively and to work both independently and in a collaborative, team-oriented environment.
- An aptitude for technical writing, e.g. assessment reports, presentations, management dashboards and risk indicators/metrics.
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV or drop an email to conrad.chang@hays.com.hk, or call us now by +852-2230-7914.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career. #1235886