Job offer
Head of Information Security & Business Continuity Management (Asia)
The job posting seeks an Information Security & BCM Head (Asia) who will be responsible for leading information security and business continuity management in Asia and will report directly to the Regional CISO and functionally to the Group CISO. The candidate should have over 10 years of experience in information security, as well as experience leading security programs and communicating with regulatory authorities.
Job Description
EFG's Information Security and BCM team, led by the Group CISO, develops and coordinates the global information security strategy, initiatives, and standards within EFG International. The team conducts threat and risk analyses, manages vulnerability and threat programs, and protects EFG’s infrastructure, applications, and data from attacks, malware, third-party risks, and cyberattacks. In addition, it strengthens the bank’s resilience through robust business continuity management, supports operational resilience, and coordinates incident response.
The Information Security & BCM Head Asia reports to the Regional CISO and has a functional line to the Group CISO. He/she will (i) identify regional risks, threats, and vulnerabilities in the SG and HK branches; (ii) close gaps against local laws, regulations, and industry practices; (iii) develop information security controls for the region and adapt procedures and programs to local culture and laws; and (iv) ensure compliance with global Business Continuity Management guidelines while implementing BCM best practices in accordance with local regulatory requirements.
Main tasks
- Strategy, Governance, and Leadership
- Risk Management, Compliance, and Audit
- Access Governance and Risk Management
- Stakeholder Engagement, Communication, and Training
Strategy, Governance, and Leadership
- Support and implement EFG's information security strategy and programs to ensure alignment with local business objectives.
- Regional leadership in information security in Singapore and Hong Kong; serving as Information Security Officer for Singapore and Hong Kong.
- Providing information security programs for headquarters and serving as the primary point of contact for regulatory inquiries, inspections, and audits.
- Staying up to date on regulatory changes and industry trends; conducting gap analyses of regulatory documents, circulars, and guidelines; and promoting compliance across the region.
Risk Management, Compliance, and Audit
- Identifying, assessing, and managing regional information security vulnerabilities and risks; ensuring that preventive measures are in place to address these risks.
- Conducting threat analyses and audits to ensure compliance with internal, regulatory, and industry requirements; ensuring that audit deadlines are met on time.
- Collaborate on operational resilience and business continuity planning (BCP) as the local BCM lead to ensure internal and external incident management and incident reporting.
Access Governance and Risk Management
- Monitoring the timely completion of all IT-related user access reconciliations.
- Approval and regular review of privileged access for business and IT users; recently, IT administrator and technical account access to locally and regionally managed infrastructure.
- Ensuring the separation of duties and access controls to protect data.
Stakeholder Engagement, Communication, and Training
- Building and maintaining relationships with stakeholders, customers, executives, regulatory authorities, and headquarters.