
Information Security Consultant

132769

Job Accountabilities

  • Support the Greater China Business Information Security Officer (BISO) in strengthening information security governance, risk management and regulatory compliance across China & Hong Kong business units (BUs)
  • Identify control gaps and proactively drive remediation activities in collaboration with business and IT stakeholders
  • Act as a trusted security advisor, providing consultancy support to business, IT and security initiatives, including major transformation or change programs
  • Validate and analyze security metrics provided by Group / APAC team (e.g. vulnerabilities, cloud and application security posture, security capability adoption, awareness levels), and lead remediation efforts at the BU level
  • Consolidate, interpret and report regional and BU-level IT security metrics to enable BU management to clearly understand information security risk exposure
  • Engage with business and IT teams to coordinate, perform and manage a broad range of security and risk assessments, track assessment findings and drive timely remediation to closure, covering the following assessments:
    • Cloud security assessments
    • Third-party and vendor security assessments
    • Business and IT application security assessments (pre- and post-implementation, major changes, etc.)
    • Regulatory compliance assessments (e.g. local regulations, PCI, GL20, PIPL, CBDT)
    • IT compliance and control assessments, IT risk assessments
    • Thematic or targeted security reviews
  • Drive BU-level security awareness and education programs to enhance employee cyber resilience
  • Support the Group Cyber Fusion Centre by coordinating and facilitating IT security incident response activities across BUs; assist in incident investigation, containment and forensic activities in collaboration with Group and local stakeholders
  • Ensure actionable recommendations from the Group Cyber Threat Intelligence team are implemented effectively at the BU level
  • Proactively communicate relevant cyber threat intelligence, alerts and advisories to BUs to improve threat preparedness

 

Job Qualifications

  • Bachelor's degree holder with minimum 6 years of relevant experience in information security
  • Qualification in CISSP / CISA / CISM is preferable
  • Good knowledge of security concepts and architectures, IT security and compliance controls, operating system platforms and security models, etc.
  • Good understanding of a holistic set of IT technologies and processes (e.g. operating systems, databases, networking, web/application, change management, SDLC, disaster recovery)
  • Strong communication and presentation skills to convey security-related concepts to a broad range of technical and non-technical staff
  • Ability to collaborate effectively with teams across multiple geographic locations
  • Ability to apply AI solutions with innovation in daily work 
  • Language requirements:
    • Excellent command of written and spoken English
    • Fluent in written Chinese and conversational Cantonese
    • Basic or business-level proficiency in spoken Mandarin

 

Why Zurich

At Zurich, we like to think outside the box and challenge the status quo. We take an optimistic approach by focusing on the positives and constantly asking "What can go right?"

We are an equal opportunity employer who knows that each employee is unique - that’s what makes our team so great! 
Join us as we constantly explore new ways to protect our customers and the planet.
 

  • Location(s):  HK - Hong Kong 
  • Remote working: Hybrid
