Position Overview
Our client, a leading securities firm, is seeking a Head of Cyber & Data Security Governance to join its IT Security leadership team in Hong Kong. Reporting directly to the Group CISO / Head of Information Security, this strategic leader will be responsible for architecting and managing the enterprise-wide data and cybersecurity governance framework. The successful candidate will drive complex initiatives, ensure global regulatory compliance, and manage the security portfolio for an organization with a sophisticated multi-cloud and cross-border footprint.
Key Responsibilities
Framework & Strategy Architecture: Design, revise, and implement the enterprise cybersecurity and data security frameworks, including all underlying policies, standards, and handling procedures.
Lifecycle Data Governance: Establish a comprehensive governance framework covering the entire data lifecycle—from management and protection to Data Leakage Prevention (DLP).
Regulatory Compliance: Ensure the organization’s infrastructure, applications, and data systems strictly adhere to international and regional regulations, including GDPR, MAS, ISO 27001, NIST, and Mainland China’s Data Protection Laws (PIPL/DSL).
Audit & Assessment Leadership: Maintain constant audit readiness and serve as the primary point of contact for compliance assessments, external audit inquiries, client security questionnaires, and regulatory inspections.
Risk Management: Identify and prioritize organizational cyber risks; build and deploy robust mitigation frameworks that align with business objectives.
Vulnerability Governance: Lead the governance of the vulnerability management program in close collaboration with Application and Platform Engineering teams.
Cloud Governance: Establish a specialized governance framework to manage a sophisticated multi-cloud strategy involving AWS, Azure, and Alibaba Cloud.
Reporting & Analytics: Develop and maintain executive-level dashboards and regular reports regarding governance, risk posture, and compliance status.
Portfolio Management: Assist in the overarching management of the IT security project portfolio, ensuring initiatives are delivered on time and within budget.
Professional Requirements
Education: Bachelor’s degree or higher in Computer Science, Information Security, Engineering, or a related technical discipline.
Experience: A minimum of 15 years of progressive experience in IT Security, Cyber, and Data Governance, ideally within the financial services or investment sector.
Technical Breadth: Demonstrated familiarity with modern security stacks, including:
Network Security (Firewalls, WAF, Web Gateway).
Endpoint Protection & SIEM/Threat Hunting.
Identity & Access Management (IAM) and Application Whitelisting.
Cloud Security and O365 security protocols.
Leadership & Project Management: Proven ability to lead cross-functional teams and drive high-stakes projects involving multiple knowledge domains and stakeholders.
Languages: Absolute fluency in English and Mandarin (Putonghua) is mandatory due to the regional nature of the role and frequent interaction with mainland stakeholders.
Certifications: Professional certifications are highly desirable (e.g., CISSP, CISM, CISP, or ISO 27001 Lead Implementer/Auditor).
Core Competencies
Proactive Mindset: A self-starter who can work independently and drive results in a dynamic environment.
Communication: Exceptional interpersonal skills with the ability to navigate complex stakeholder relationships.
Attention to Detail: Meticulous approach to documentation, audit trails, and regulatory mapping.
If this outstanding opportunity sounds like your next career move, please submit through "Apply Now" or send your resume in Word format to Lu Zhang at resume@pinpointasia.com with "Senior Cyber Security Manager – Leading Securities Firm - J12565" in the subject header.
Data provided is for recruitment purposes only.
