Head of Information Security & Business Continuity Management (Asia)

Job Description

EFG's Information Security and BCM team, led by the Group CIO, establishes and coordinates global information security strategies, initiatives, and standards across EFG International. The team conducts security risk assessments, manages vulnerability and threat programs, and oversees security awareness and training. It safeguards EFG's infrastructure, applications, and data against cyber threats. Additionally, it strengthens the bank's defenses through robust Business Continuity Management, supporting operational resilience and coordinated incident response.

Main Responsibilities

The main tasks include:

• Strategy, Governance, and Leadership
• Risk Management, Compliance, and Audit
• Access Governance and Secure Operations
• Stakeholder Engagement, Communication, and Training
• Placement, Development, and Resource Management

Strategy, Governance, and Leadership

• Support and implement EFG's information security strategy and programs to ensure alignment with local business objectives
• Regional leadership in information security in Singapore and Hong Kong, as the Singapore and Hong Kong Information Security Officer
• Managing information security programs directed by headquarters and serving as the primary point of contact for regulatory inquiries, audits, and incident management
• Staying up to date on regulatory changes and industry trends; conducting gap analyses of regulatory documents, circulars, guidelines, and standards

Risk Management, Compliance, and Audit

• Identifying, assessing, and managing regional information security risks and vulnerabilities; ensuring that preventive measures are in place to address these risks
• Conducting regular security audits and assessments to ensure compliance with internal, regulatory, and industry-specific requirements; ensuring that audit findings are resolved in a timely manner
• Developing and maintaining local security policies, procedures, and standards that are coordinated with headquarters and regulatory authorities

Requirements

• Bachelor's degree in computer science, information technology or a related field
• Over 10 years of experience in information security, with extensive knowledge of security policies, practices, and technologies
• Proven experience in designing and implementing corporate security programs
• Practical experience in incident management and response
• Proven leadership experience, including the ability to lead and influence virtual/remote teams
• Excellent communication and stakeholder engagement skills
• Proven track record of working with regulatory agencies and government bodies
• Experience in ICT risk management and business continuity
• Industry certifications (e.g., CISSP, CISM, CRISC) are preferred