Information Security and Business Continuity Risk Management Officer (Prudential)
Job posting number: #202388 (Ref:25020307)
Job Description
Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.
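1. Assist in implementing the requirements of Prudential Group Head Office and Regional Head Office for information and privacy risk management.
2. Assist in implementing the requirements of Prudential Group Head Office and Regional Head Office for business continuity risk management.
3. Assist with or carry out the requirements of the annual information and privacy risk management plan.
4. Assist with or carry out the requirements of the annual business continuity risk management plan.
5. Assist with or carry out work required by laws and regulations (the risk management department's annual internal control self-inspection, legal compliance self-assessment, information disclosure management rules, etc.) to ensure compliance with the relevant laws and regulations.
6. Assist with or carry out the communication, coordination, promotion, and monitoring of Prudential Group Head Office and Regional Head Office information security projects.
7. Assist with or carry out information security assessment and consultation for the company's new business requirements and IT projects.
8. Assist in preparing meetings of the Information Risk Management Team and the Emergency Response and Recovery Team, and other related administrative work.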
Job Responsibilities:
As a team member of the information security and business continuity risk team, you will be supporting PCALT to:
- Support assurance and oversight on the effectiveness of controls and procedures within PCALT to ensure compliance with internal control systems, regulatory, global, and local specific policy requirements, and the standards and management processes related to information security risk, privacy risk, and business continuity management.
- Support and execute various global or internal project activities (including technical and managerial aspects).
- Perform maintenance and operation tasks for Information Security Management System (ISMS), Personal Information Management System (PIMS), Business Continuity Management System (BCMS), or other international management systems.
- Assist with internal and external audits, internal control/legal compliance audits, and follow-up on deficiency handling.
- Monitor various information security reports and implementation status, and assist in tracking and responding to vulnerabilities, intelligence, and alerts.
- Conduct assessments and reviews of information technology risks.
- Perform security compliance reviews, technical architecture confirmations or recommendations, and risk assessments for business processes or projects.
- Assist with company level business continuity related activities, such as office drill, IT DR drill, BIA, etc.
- Assist with training and awareness programs for risk culture and related topics.
- Assist with financial and budget management, as well as various departmental affairs.
- Second line role within risk function.
- Individual contributor without management responsibilities.
Experience and Qualification:
- Over 5 years of practical experience in information security, IT governance/risk, privacy risk, Business Continuity Management (company level), IT or related fields. Experience in the financial industry is preferred.
- Understanding of financial and insurance industry regulations and supervisory systems, with good internal control and compliance concepts and practices.
- Good understanding or interest in IT application systems/cloud technologies/infrastructure and related technical security controls and architectures needed to mitigate the risks.
- Above intermediate English listening, speaking, reading, and writing ability, and good Chinese writing and reading skills (English CV is required in addition to Chinese CV).
- Desired personal qualities and soft skills include:
- Ability to work in a team.
- Communication and coordination skills.
- Project planning & management.
- Analytical mindset.
- Prudent and attentive to work deliverables and prioritize according to needs.
- Capable of multitasking.
- Willingness to accept a hybrid working model (office and remote), with experience in remote team collaboration being a plus.
- Desirable traits which will be an added advantage:
- Known as an SME in own functional area and is often sought out for advice/consultation.
- Programming background.
- Practical business continuity management experience in insurance or financial industry.
- Possession of information security, IT-related, or BCMS related certifications.
- Familiarity with advanced Microsoft applications (e.g., PowerBI/SharePoint integration) and data analysis skills.
Examples of certifications:
- IT Governance / IT Service Management: ITIL related, ISO 20000 L.A., CGEIT
- Software and Application Development: DevOps Engineer Professional, Google DevOps Engineer, Microsoft related certifications
- IT Architecture/Cloud/Network: Microsoft Certified Azure Solution Architecture Expert, (ISC)2 CCSK, CompTIA Cloud Essentials
- IT Risk Management: CRISC
- IT Audit: CISA
- Project management: PMP
- BCMS: ISO 22301 L.A.
- IT/Information Security: CISSP, CISM, CompTIA Security
Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.