Business Information Security Officer, Greater China

Job Accountabilities

• Provide effective governance and oversight of information security controls across China and Hong Kong business units, ensuring compliance with internal policies, regulatory requirements and industry standards
• Act as the local Information Security Subject Matter Expert for Zurich's global risk management and control assurance frameworks, ensuring these frameworks are well understood and effectively executed at the local level
• Ensure the Group Cyber & Security and APAC Information Security strategies are clearly understood, communicated and embedded by local Senior Management and key stakeholders
• Influence and shape business units' (BU) culture to ensure Security by Design principles are consistently adopted across all IT projects and business-as-usual (BAU) activities
• Provide transparency, insight and education to Executive Committee members, Senior Management and the Board on key information security topics and risk exposure
• Be responsible for the regional and BU-level information security reporting and dashboards to enable management to make informed risk-based decisions
• Partner closely with Risk Management to assess, monitor and report cyber risk exposure across BUs
• Review BU deliverables under global risk and assurance frameworks to ensure accuracy, completeness and quality
• Ensure BU compliance with applicable information security regulations and regularly test the effectiveness of related controls
• Design and drive BU-level security awareness and education programs to strengthen cyber resilience and promote secure behaviors
• Closely work with Global Cyber Incident Response team to support incident investigation and forensic activities to ensure timely containment, analysis and resolution
• Participate in industry forums and engage with local regulators to identify emerging cyber threats relevant to China and Hong Kong
• Collaborate with Global Cyber Threat Intelligence team to evaluate threats and ensure appropriate response actions are implemented at BU level
• Coach and mentor the regional and local team members to support career development and succession planning

Job Qualifications

• Bachelor's degree holder with minimum 10 years of professional experience in information security area
• Experience in leading teams in a complex matrix environment across multiple geographic locations
• Strong risk management and information security skills
• Qualification in CISSP, CISA, CISM
• Strong in stakeholder management with excellent presentation skills
• Ability to be a change agent to transform and streamline an organization and enhance capabilities to meet current and future business drivers
• Language requirements:
  • Excellent command of written and spoken English
  • Fluent in written Chinese and conversational Cantonese
  • Basic or business-level proficiency in spoken Mandarin

Why Zurich

At Zurich, we like to think outside the box and challenge the status quo. We take an optimistic approach by focusing on the positives and constantly asking What can go right? 

We are an equal opportunity employer who knows that each employee is unique - that’s what makes our team so great! 
Join us as we constantly explore new ways to protect our customers and the planet.
 

• Location(s):  HK - Hong Kong 
• Remote working: Hybrid