Information Security Risk & Compliance Consultant


Job Accountabilities

  • Support Business Information Security Officers (BISOs) in performing information security and risk assessments in the APAC region using the global standard risk-based approach, including but not limited to:
    • Cloud security assessment
    • Third-party vendor assessment
    • Business / IT applications assessment (including pre & post implementation reviews)
    • Regulatory assessment (e.g. local regulations, ISO27001, PCI DSS, SOC2, etc.)
    • Remediation action review, analysis and management
    • Themed security reviews
  • Maintain Information Security, Risk and Compliance frameworks, policies and standards for the APAC region
  • Provide governance over and support BISOs in the coordination of regional & local information security gap remediation
  • Perform analysis to identify common themes and drive regional remediation activities
  • Provide advice to BISOs and stakeholders on information security policy compliance requirements
  • Provide advice, governance and support in information security policy exception and risk acceptance processes
  • Work closely with the Information Security Governance (ISG) team in Global Information Security (GIS) to ensure global requirements are communicated to relevant stakeholders and considered in global information security compliance projects
  • Drive and support the global information security governance initiatives in the APAC region


Job Qualifications

  • University degree with minimum 5 years of relevant experience in information security or related fields, with exposure to a multinational environment
  • Experience in information security consulting and/or IT audit is an advantage
  • Qualification / Certification in CISA, CRISC, CISSP and/or CISM is preferable
  • PCI ISA and/or ISO27001 experience/certification is a plus
  • Sound knowledge of IT security and compliance controls
  • Good understanding of a holistic set of IT technologies and processes (e.g. operating systems, databases, networking, web/application, change management, SDLC, disaster recovery, monitoring, help desk, etc.)
  • Understanding and experience in PowerBI is preferable
  • Good presentation and influencing skills with ability to communicate security-related concepts to a broad range of technical and non-technical staff
  • Strong report-writing skills and attention to detail
  • Excellent command of written and spoken English



Why Zurich


At Zurich, we like to think outside the box and challenge the status quo. We take an optimistic approach by focusing on the positives and constantly asking "What can go right?"


We are an equal opportunity employer who knows that each employee is unique - that’s what makes our team so great! 

Join us as we constantly explore new ways to protect our customers and the planet.

  • Location(s):  HK - Hong Kong 
