The country CISO (Chief Information Security Officer) in China is responsible to coordinate locally on the application of group cybersecurity policies and standards in line with local regulations. The CISO is responsible for implementing, enhancing and overseeing the information security framework locally with strong synchronisation with regional Cybersecurity experts and functional reporting to regional CISO. The position is also embedding the role of CIO for a foreign bank China entity (Regulatory facing role), as double hatting.

Main Responsibilities as CISO:

1. Lead internal response on Cybersecurity towards regulatory requests, RISQ / audit /inspection or regular submissions ensuring timely and accurate reporting and communication

2. Monitor and ensure compliance (coordinate gap analysis and follow-up remediation plans) against local regulations, global policies, and standards related to Cybersecurity

3. Responsible for the local implementation of the regional Cybersecurity remediation program aiming to reinforce prevention, protection, detection and response capabilities

4. Lead response to local Cybersecurity incidents in coordination with the regional incident response team

5. Support local Business Units and Service Units in their transformation by providing adequate guidance on Cybersecurity subjects in liaison with regional Cybersecurity experts.

6. Work with all the local Business Units and Service Units to determine possible cyber risks and relevant mitigation

7. Evaluate and manage local security exceptions in alignment with global standards

8. Deliver relevant awareness and training adapted to the current threat landscape. Maintain and continuously improve the bank's cyber defence capabilities through operational monitoring of anomalies, incident management

9. Definition and implementation of local Cybersecurity governance in alignment with local regulation, global and regional standards and practices

10. Ensure alignment with regional CISO on Cybersecurity strategy, objectives and initiatives including interactions with regulators

Main Responsibilities as CIO:

- In partnership with local and regional cluster heads, ensuring strategic alignment between the China Technology unit and Regional/Global BU/SU

1. Organise the unit to adhere to strategic group, business, regional and local objectives.

2. Provides strategic and leadership support to the technology teams and managers (act as a servant leader).

3. Develop partnerships with the business China BU (mostly GTPS), and other local/regional functions

(Compliance, Finance, Risk, other T&O units).

1. Bachelor Degree in Information Technology or equivalent

2. Professional qualifications in information security management such as CISSP, CISM, CISA

3. Experienced Security Expert with 10+ years of relevant experience

4. At least 10 years in banking or relevant industries

5. IT system development and maintenance are preferred.

6. Solid understanding of information security concepts, frameworks, standards and best practices, IT infrastructure and IT applicative framework architectures.

7. Strong knowledge of the cyber threat landscape, attack methods, vulnerabilities, common exploits and mitigation techniques, local and global regulations and requirements.

8. Proven ability to interact with regulators and other external parties on information security matters

9. Excellent English verbal and written communication skills, experience of influencing at senior organisational levels, up to and including MD level

10. Client-oriented mindset, results-driven, proactive and quick to react to requests

11. Innovative and bringing new ideas to improve processes.