Head of Information Security & Business Continuity Management (Asia)

Job Description

EFG's Information Security and BCM team, led by the Group CIO, establishes and coordinates global information security strategy, initiatives, and standards across EFG International. The team conducts security risk assessments, manages vulnerability and threat programs, and oversees security awareness and training. It safeguards EFG's infrastructure, applications, and data against breaches. Additionally, it strengthens the bank's defenses through robust Business Continuity Management, supporting operational resilience and coordinated incident response.

Main Responsibilities

The main tasks include:

• Support and implement EFG’s information security strategy and programs to ensure alignment with local business objectives.
• Regional leadership in information security in Singapore and Hong Kong, serving as the Singapore and Hong Kong Information Security Officer.
• Management of information security programs overseen by the head office, and serving as the primary point of contact for regulatory inquiries, audits, and incident management.
• Stay up to date on regulatory changes and industry trends; conduct gap analyses of regulatory documents, circulars, and guidelines; and recommend implementation strategies.

Risk Management, Compliance, and Audit

The tasks include:

• Identifying, assessing, and managing regional information security risks and vulnerabilities; implementing preventive measures to address these risks.
• Conduct regular security assessments and audits to ensure compliance with internal, regulatory, and industry-specific requirements; ensure that audit findings are resolved in a timely manner.
• Developing and maintaining local security policies, procedures, and standards that are coordinated with the head office and regulatory authorities.

Stakeholder Engagement, Communication, and Training

The tasks include:

• Building and maintaining relationships with stakeholders, customers, executives, regulatory authorities, and head office teams.
• Monitoring and management of security communications from the head office and regulatory authorities.
• Conducting safety awareness and training programs for employees, and monitoring and reviewing safety-related stakeholders.

Skills and experience

The requirements include:

• Bachelor's degree in computer science, information technology, or a related field.
• Over 10 years of experience in information security, with extensive knowledge of security policies, practices, and technologies.
• Experience in designing and implementing corporate security programs.
• Practical experience in incident management and response.
• Management experience, including leading and influencing virtual/remote teams.