Associate Director, Security and Compliance

Sun Life Hong Kong Limited
in Hong Kong, Hong Kong, Hong Kong
Permanent, Full time
Last application, 22 May 20
Associate Director, Security and Compliance
You are as unique as your background, experience and point of view. Here, you'll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:
Sun Life Hong Kong Information Technology is looking for an experienced Information Security professional to design and enforce policies and procedures that protect our organization's computing infrastructure from all forms of security breaches. This role will be responsible for identifying vulnerabilities and working with our IT teams to resolve them, ensuring that our network and data remain secure.

This role requires expert analytical skills and in-depth knowledge of best practices for preventing a wide range of security threats. The successful candidate is expected to be an excellent communicator and is also responsible for training and educating our staff in various information security topics.

  • Proactively identify vulnerabilities in our current network and systems. Develop and implement a comprehensive plan to secure our computing network and systems
  • Monitor network and system usage, perform regular penetration tests and implement remediation actions to ensure compliance with security policies
  • Keep up to date with industry standards and the latest developments in IT security standards and threats
  • Document any security breaches and assess their damage. Communicate and collaborate with management stakeholders and IT teams to improve security
  • Arrange training or awareness programs to educate colleagues about security software and best practice for Information Security
  • Frequent contact with business stakeholders to review security measures and articulate the values of Information Security measures to the business
  • Regular contact with Regional and Corporate Security teams to align on standards, share knowledge and experience, and keep up to date on changes to security guidelines
  • Frequent contact with the CIO to align on Information Security measures and strike a balance between the level of security and business flexibility
  • Regular work with the Project team and Architecture team to ensure security is part of their design and planning, and is not missed or outdated
  • Regular contact with Compliance and Risk Management to ensure IT-related compliance is well planned and executed, and IT risks impacting business risk are reported and mitigated according to business expectations
  • Regular contact with the External Auditor and Internal Auditor to align on the audit schedule, shopping list and audit findings, and assist the management team in drafting practical management responses for audit items, if any
  • Regular updates with vendors to keep up to date on the latest market trends

Job Requirements:
  • University Graduate and above from Information Technology discipline
  • Over 10 years of experience in IT
  • Professional Information Security Certification
  • Knowledge of NIST Cybersecurity Framework
  • Knowledge of Canadian OSFI regulatory framework of guidance and rules
  • Ability to balance the investment in security measures with the anticipated business value of risk avoidance. Resolve differing views on the same security vulnerability based on different perspectives, including Regional, Corporate, and regulatory measurements.
  • Strong communication, collaboration, and interpersonal skills
  • Strong influencing and negotiation skills to get buy-in from the business stakeholders and Regional and Corporate
  • Excellent problem solving and analytical skills
  • Ability to educate a non-technical audience about various security measures and their values to business
  • Keep up to date on market information and the latest trends in information security
  • Fluent in Cantonese and English

We offer 5-day work, attractive salary, MPF, group life and group medical insurance; and excellent career development opportunities to the right candidate.

We are an equal opportunity employer and welcome applications from all qualified candidates. Application forms and resumes will be kept for a period of 24 months after completion of the recruitment process. (All information will be held in strict confidence and used only for recruitment purposes.)

Job Category:
IT - Technology Services
Posting End Date: