[SJ-JOB] CISO, Hong Kong, JP

Subject: [SJ-JOB] CISO, Hong Kong, JP
Date: 30 May 2005 12:26:28 -0000

---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------


JOB DESCRIPTION
---------------------------------------------------
Position:       CISO
Location:       Hong Kong, , JP
Type:           Permanent F/T
Closing Date:   06/20/2005

Position:       Chief Information Security Officer - Asia-Pacific

Type:           Full time

Reports to:     CIO (Asia Pacific) and CISO (Global) and to COO (Asia Pacific) 
as required

Overview
The Chief Information Security Officer - Asia Pacific is responsible for the 
management of the IT Security Operations (IS) and IT/IS Audit Liaison within 
the region.

In addition the Officer is responsible for:
The maintenance of a secure environment on each computing platform used within 
this global Investment Bank through compliance with the principles set forth in 
the Information Security Policy.  This includes the development and application 
of standard procedures with respect to the provision of access rights and the 
regular monitoring and review of the environment.





JOB REQUIREMENTS
---------------------------------------------------
Identification, implementation and management of internal, external and 
regulatory Audit requirements within the region, conforming to the overall 
Bank's requirements.

Identification and management of legal and regulatory constraints on IT within 
the region.

Ensuring that regional concerns are correctly raised at group level, and that 
global policies and procedures reflect, or at least have been informed by, 
regional expertise and requirements.

General Information Security Management
To maintain an overview of IS Operations staff and/or functional resources 
within the region, including day to day reporting and review.

To handle status and progress reporting to the global IS Operations function.

To raise awareness in Regional management of the activities of IS/Controls 
Management and to report on progress

To manage staff awareness of IT Security good practice

To act as service manager for the activities of IS Operations and Audit Liaison 
within the region

To contribute to the budgeting process for IS Operations on behalf of 
activities within the region

To act as the initial focus for IS and Audit Liaison/Controls Management 
procedures within the region, working with Global IS Management and IT globally.

Security Risk Analysis and Management

To be the primary point of contact for IT/IS related issues to the local 
Operational Risk team

To assist development and support teams in providing pro-active guidance, 
instruction and assistance in ensuring that new products meet or exceed the 
bank's or regulators' controls requirements

To provide first line consultancy and guidance for policy and risk related 
issues and liaison with the Global team for 2nd tier assistance and support

To work with IT staff to ensure products are verified and reviewed using the 
Bank's tools as appropriate

To provide a minimum of first line computer forensic capability as well as 
liaison with the Global team for second line work

To provide audit and operational risk reporting on a local and as required 
global basis
To work and liaise with the DR/BCP co-ordinators to ensure controls consistency

To work with the Firewall and networks teams to ensure that policies, 
procedures and findings are being actively managed

To manage the local Computer Security Incident Response Team (CSIRT) and to 
effectively liaise with the global team

Legal and Regulatory Risk to IT

To identify and manage areas of legal risk to IT
In particular, to manage the processes and controls associated with the 
Personal Information Protection Act (PIPA) and other data protection 
requirements

To review global security policies and to ensure that there are no legal or 
regulatory issues local to Asia Pacific that might impact on policy proposals. 

Monitoring & Testing

To provide consistent oversight and management monitoring of a centralised 
Security Administration and Monitoring function within the region. The team 
will be responsible for the other activities described below.

To manage the implementation of minimum access controls for the platforms in 
accordance with the Information Security Policy principles.

To undertake an access control review for all users on a regular basis 

To review privileged user access on a monthly basis.

To review security logs as appropriate.

To follow up security violations with user management, the ISM, and other 
departments as necessary to:
Assess the scope and effects of the security breach
Salvage damaged or contaminated equipment
Clean or recover information and systems
and Restore information, systems and services.

To review access to the platforms by third parties and the implementation of 
procedures to ensure that formal agreements and appropriate access controls are 
in place prior to access being granted.

To apply dual control in sensitive applications at the request of authorised 
management.

To work with the Global team to implement automation tools to streamline and 
facilitate the above functions.

Audit Liaison and Controls Management

To own, manage and control all IT/IS related audits, whether they are internal, 
external or regulatory

To provide co-ordination on these audit issues globally

To provide best practice solutions to pro-actively and re-actively address 
audit or control issues

Have a broad technical understanding of the operating systems and applications 
within IT and IS

To be the primary point of contact on all IT/IS related Compliance issues

Skills and experience
A Graduate with preferably at least five years of Financial Services 
industry experience. 

Two years management experience. 

Understanding of security administration and audit/controls and techniques.
Preferably experience of having established a security administration or Global 
Audit Liaison function

Technical awareness of various technical platforms including:
Networks 
Firewalls, configuration and installation
Windows NT and Netware
Unix
Intruder detection software and techniques
JAVA, CORBA and Active X
Internet security
Knowledge of the latest physical and technical risks facing Investment Banks 
and IT.
Awareness of the latest hacking techniques and counter measures, e.g., SYN 
attacks, buffer overflow attacks etc.

Awareness of vulnerability analysis tools, installation and maintenance, e.g. 
ISS, NESSUS, NMAP

Experience of working with IT developers and IT users as well as business users 
within the banking sector.

Good oral and written presentation skills.
Team management skills

Setting up and managing budgets.

Writing security administration documentation

Knowledge of written and spoken Japanese is strongly preferred (as most 
regulatory guidance is only available in Japanese)

Knowledge of regulatory procedures and processes of at least some of the 
following is strongly preferred:

The Japanese Financial Services Agency (FSA)
The Bank of Japan (BoJ)
The Monetary Authority of Singapore (MAS)
China Securities Regulatory Commission (CSRC)


CONTACT
---------------------------------------------------
In the first instance, please email (in the strictest of confidence) resumes 
outlining career history to date, together with contact details to the 
following:

peter.gains@stghn.com

Peter Gains
Director
St. George's Harvey Nash
peter.gains@stghn.com



---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for 
searching and managing job opportunities and resumes.

http://www.securityfocus.com/jobs