Head of Information Security & Business Continuity Management (Asia)

Job Description

EFG’s Information Security and BCM teams, led by the Group CISO, establish and coordinate global information security strategies, initiatives, and standards within EFG International. The team conducts security risk assessments, manages vulnerability and threat programs, and is responsible for security awareness and training. It protects EFG’s infrastructure, applications, and data from breaches, mitigates security risks and cyberattacks. In addition, it safeguards the bank’s operations through robust business continuity management, supports operational resilience, and coordinates incident response. The Information Security & BCM Head Asia reports to the Regional CCOO with a functional line to the Group CISO and will: (1) identify regional risks, threats, and vulnerabilities in the SG and HK branches; (2) address gaps against local laws, regulations, and industry practices; (3) develop and deploy information security controls to adapt regional risks and procedures to local culture and laws; (4) ensure compliance with global business continuity management guidelines while adopting BCM best practices in accordance with local regulatory requirements.

Main responsibilities

- Strategy, Governance, and Leadership - Risk Management, Compliance, and Audit - Incident Management and Response - Stakeholder Engagement, Communication, and Training

Strategy, Governance, and Leadership

• Support and implement EFG's information security strategy and programs to ensure alignment with local business objectives.
• Technical leadership in information security in Singapore and Hong Kong, serving as the Information Security Officer for Singapore and Hong Kong.
• Developing and implementing information security policies as specified by headquarters, and serving as the primary point of contact for regulatory reviews, inspections, and investigations regarding regulatory changes and industry trends; conducting gap analyses of regulatory, policy, procedural, and policy-related requirements and recommending improvements.

Risk Management, Compliance, and Audit

• Identifying, assessing, and managing regional information security risks and vulnerabilities; implementing preventive measures to address security gaps; and meeting audit and compliance deadlines in a timely manner.
• Conduct regular security assessments and audits to ensure compliance with internal, regulatory, and industry-specific requirements, and promptly follow up on audit findings with the Head of Regional and Operations.
• Collaboration on operational risk and business continuity (BCP), serving as the local BCM officer for internal and external incident management and monitoring.

Incident Management and Response

• Lead and coordinate incident response efforts on-site and regionally in close collaboration with the CISIRT Head Office, including near-miss incidents and threat analyses.
• Investigating data security breaches, implementing remedial measures, and overseeing the annual cybersecurity incident drill for SG and HK.
• Collaborate with Group Information Security to provide monitoring tools to protect banking information.
• Review of operating procedures.

Stakeholders