Security Governance Lead

With NEAT Hong Kong in Hong Kong Island - HK

Posted on November 25, 2019

About this job

Location options: Paid relocation
Job type: Full-time
Experience level: Lead
Role: System Administrator
Industry: Financial Technology
Company size: 51–200 people
Company type: VC Funded

Technologies

security, risk-analysis

Job description

We're looking for individuals with a strong background in security. You'd advocate for security and privacy across the company, lead governance, risk and compliance (GRC) efforts while staying hands-on yourself, and help execute high-impact company-wide GRC initiatives. Most importantly, you should be enthusiastic about working with people from a variety of backgrounds, roles, and needs.

Responsibilities:

  • Help secure workflows, products and operations across the company by identifying risk areas, providing recommendations on security and privacy best practices and remediating gaps
  • Perform vendor security assessments and provide recommendations according to industry standard best practices
  • Advocate for security across the company
  • Manage relationships with security relevant external parties
  • Help define the roadmap for various security, IT and security software engineering teams
  • Manage 3rd party pentesting and bug bounty programs
  • Create policies and procedures around security, data governance, and risk
  • Build metrics to track security defects and automate collection of security information to derive metrics
  • Ensure that disaster recovery and business continuity plans are in place and tested
  • Review and approve security policies, controls and cyber incident response planning
  • Approve and oversee identity and access management (IAM) policies
  • Understand the IT threat landscape for the industry
  • Schedule periodic security audits
  • Conduct security awareness training for all personnel and enforce compliance
  • Conduct electronic discovery and digital forensic investigations
  • Useful to possess any of: CISA, CISM, CISSP  

What We Value:

  • Deep understanding (or willingness to learn) of compliance standards e.g. SOC2, GDPR, PCI, CCPA, FINRA etc. 
  • Familiarity with compliance, security & risk assurance
  • Overall, a large breadth of security knowledge
  • Have strong written and verbal communication skills, with a talent for precise articulations of customer problems 
  • Taking pride in working on projects to successful completion, involving a wide variety of technologies and systems 
  • Holding yourself and others to a high bar when working with production systems 
  • Stitching many different services and processes together, even if you have not worked with them before
  • Thriving in a collaborative environment, filled with a diverse group of people with different expertise and backgrounds
