Business Information Security Officer

  • negotiable
  • Hong Kong
  • Permanent, Full time
  • Bank of Montreal Asia
  • 2017-11-22

We are looking for a competent individual to join our Global Information & Technology Risk Management (GITRM) team in Hong Kong. This group combines Information Security, Information Management and IT Risk into a comprehensive department focused on managing information risks for the bank. This role will be part of the GITRM International organization and will be responsible for Information Security & Technology Risk Management oversight and execution for all lines of business in Hong Kong. The role will also engage in the rollout of initiatives for GITRM.

 

  • Serve as the IS Officer for the business partners to share emerging risks and focus areas with business and technology management teams
  • Implement and monitor corporate IS policies/programs within lines of business, to ensure timely program delivery and manage risk within tolerance
  • Engage with regulators and auditors on Information Security and TRM matters.
  • Work with the appropriate chain of command as defined in GITRM & BMO’s policies, standards and procedures
  • Serve as the primary interface to the Information Security (IS) organization supporting lines of business, operations and technology
  • Partner with the Technology teams to ensure implementation and sustainability of controls
  • Partner with the Supplier risk management team to ensure remediation of risks
  • Develop a strong understanding of the underlying technical requirements of the technical IS standards, identify security gaps and provide consultation to the businesses on remediation options
  • Maintain and enhance status as a subject matter expert for all IS matters
  • Partner with the IS Operations team to provide support on investigations and incident response
  • Provide oversight to ensure that processes and projects are completed in a timely manner
  • Monitor risk exceptions and resolutions in response to security events, assessment and audit results
  • Maintain and socialize the status of the IS program and initiatives within lines of business
  • Respond to security events by initiating and coordinating actions needed to protect the business and its clients
  • Provide expert advice to the business on current IS and cyber threats affecting the business and clients

 

Knowledge and Skills

  • 7+ years of experience in information security or related discipline. Financial industry experience preferred
  • Degree in Engineering (computer science, electrical, electronic, Information Systems) or equivalent
  • Information security certifications preferred: CISSP, CISM, CISA
  • Ability to prioritize, execute tasks and handle multiple projects concurrently.
  • Ability to communicate and present effectively through a range of mediums, to various audiences, in a way that demonstrates subject-matter knowledge.
  • Strong influencing and negotiation skills with the demonstrated ability to engage and persuade stakeholders to take action and make decisions that aim to further business objectives.
  • Strong service management and service delivery orientation
  • Strong conceptual skills; ability to deal with ambiguity; creativity; lateral thinker