
Senior Director, Cybersecurity Risk And Solutions, IT, Asia Pacific

Country : Area Hong Kong

Region : Kowloon

Town : Hong Kong

Category : Retail

Contract type : Permanent

Availability : Full time

Job description

The APAC Head of Cybersecurity Risk and Solutions will be responsible for ensuring that all technology systems and data in the region of responsibility are compliant with all applicable regulations, including internal and external auditing, Sarbanes-Oxley (SOX) regulations, privacy regulations, payment card industry (PCI) requirements, FDA, CCPA (and others), the General Data Protection Regulations (GDPR) as applicable, and quality controls.
Compliance is critical to continued operation of the company's businesses worldwide. This role manages the process of collecting evidence to demonstrate compliance and directs remediation across the region for non-compliant systems. This requires understanding of regulations, technical constraints, and business constraints, areas that must be carefully balanced.
More nuanced, however, is the responsibility of this role to directly interact with the IT lead(s) for this region as well as the business leader(s) of the region, to make transparent the cybersecurity threats and risks specific to the region.
This role leads the business in identifying, assessing and remediating Technology, Data and Cybersecurity Risk in their region of responsibility. This role is accountable to the framework and strategy set by the CISO, and for working in close collaboration with the other regional Risk and Solutions heads to ensure enterprise-wide visibility for the CISO into the risk posture of the organization. This role will also maintain the region's Cybersecurity Risk Register in alignment with the CISO's Enterprise Cybersecurity Risk Register and Framework, creating and providing to the Global Head of Cybersecurity Risk, Solutions & Assurance the reporting on Key Risk Indicators for Corporate Risk Committees for her/his area of responsibility.
This role is further responsible for the tailoring and delivery of Cybersecurity Awareness and Training across their region of responsibility and in accordance with the strategy and framework of the ECR Lead for Awareness and Training.
Key Roles & Responsibilities:
- Responsible for all technical and process Information- and Cybersecurity consulting across the region of responsibility, ensuring appropriate risk identification and reporting across the same
- Leads technology compliance across a complex landscape by developing a repeatable, sustainable, and evolving program for the region of responsibility
- Responsible for the secure build and deployment of all projects and programs across the region of responsibility
- Develops and delivers risk reports to the leadership of the region of responsibility, including vulnerabilities and threats
- Responsible for the embedment of information and cybersecurity across all external-facing products and platforms (including web-based, cloud housed, .com, and POS) for the region(s) of responsibility
- Responsible for ensuring the Cyber Threat Management Center (CMTC) has full visibility across the region of responsibility, and for participating in Incident Response as directed by the IR lead
- Responsible for ensuring all products and platforms are built to the standards of the Information Security Policy and Data Privacy standard(s), and for assessing, assembling, and providing risk visibility to the Global Head of Risk, Solutions & Assurance
- Responsible for the tailoring and delivery of Information Security awareness and training across the region of responsibility, in alignment with the strategy and framework of the ECR Lead for Awareness and Training
- Responsible for partnering to conduct assurance tests across the regional ecosystem, products, platforms, and operations. Assurance will be conducted by coordinating and/or executing all penetration tests, including SOX, PCI and physical to digital vulnerabilities, as well as partnering with Audit for assessments in the region of responsibility
- Partners with Head of Cybersecurity Threat Management Center to drive remediation of vulnerabilities that are outstanding across the regional ecosystem, ensuring appropriate risk elevation and reporting for outstanding or repeat items
- Leads the Risk exception handling process for the region of responsibility and elevation/reporting of the same


Skills & Requirements:
- BS in Cybersecurity, Computer Science, Computer Engineering, Systems Engineering or related IT discipline
- 10+ years relevant industry or risk management experience and/or accreditation
- Risk Management experience and robust understanding of IT and Operational Risk Management framework, including the construction of an effective control environment
- Vast information security expertise, including familiarity with and/or experience leading:
  - Risk and compliance (e.g. SOX, PCI, FDA, GDPR)
  - Policies, Standards, and Procedures
  - Business Continuity/Disaster Recovery
  - Application Security
  - Awareness and Compliance Training
  - Information Security Metrics
  - Vendor Risk Management
- Business expertise to tailor solutions to the retail, manufacturing, and wholesale sectors and associated risk appetites
- Superior communication, facilitation and consensus-building skills
- Ability to effectively communicate with senior functional leadership
- Organizational awareness with an understanding of how to engage the organization to achieve results
- Strong understanding of process management and respective industry best practices
- Superior multi-tasking skills and the ability to work in a fast-paced, often deadline-oriented and dynamic environment
- Prior IT and Operational Risk, Audit, or finance/controllership operational experience preferred