Head of Information Security & Business Continuity Management (Asia)

Job Description

EFG's Information Security and BCM team, led by the Group CISD, establishes and coordinates global information security strategy, initiatives, and standards across EFG International. The department conducts security risk assessments, manages vulnerability and threat programs, and is responsible for security awareness and training initiatives. It protects EFG’s infrastructure, applications, and data from breaches, cyberattacks, malware, third-party risks, and cyber threats. In addition, it strengthens the Bank’s defenses through business continuity management to support operational resilience and a coordinated response to incidents.

Main tasks

The main responsibilities of the Head of Information Security & BCM for Asia include:

• Support and implement EFG’s information security strategy and programs to ensure that they align with local business objectives.
• Leadership and management of information security in the Singapore and Hong Kong regions.
• Manage information security programs as directed by headquarters and serve as the primary point of contact for regulatory inquiries, audits, and incident management.
• Stay up to date on regulatory changes and industry trends; conduct gap analyses of regulatory documents, circulars, and guidelines; and provide recommendations.

Risk Management, Compliance, and Audit

The tasks in this area include:

• Identify, assess, and manage regional information security risks and vulnerabilities; ensure that preventive measures address these gaps.
• Conduct regular security audits and assessments to ensure compliance with internal, regulatory, and industry-specific requirements; ensure that audit findings are resolved in a timely manner.
• Develop and maintain local security policies, procedures, and standards that are consistent with headquarters’ requirements and standards; coordinate with the local head of risk management and regulatory authorities.

Stakeholder Engagement, Communication, and Training

The tasks in this area include:

• Building and maintaining relationships with stakeholders, including customers, executives, regulatory authorities, and headquarters teams.
• Monitoring and management of safety communications from headquarters and regulatory authorities.
• Managing employee security awareness and training programs; using monitoring tools to protect banking information.

Requirements

The requirements for this position include:

• A degree in computer science, information technology, or a related field.
• Over 10 years of experience in information security, with extensive knowledge of security policies, practices, and technologies.
• Proven experience in designing and implementing corporate security programs.
• Practical experience in incident management and incident response.
• Proven leadership skills, including the ability to lead and influence virtual/remote teams.
• Excellent communication and stakeholder engagement skills.