Business Information Security Officer (Cybersecurity)

TL;DR

Business Information Security Officer (Cybersecurity): Providing governance and oversight of information security controls across China and Hong Kong business units with an accent on regulatory compliance and risk management. Focus on embedding security-by-design principles, managing cyber risk exposure, and collaborating with global incident response teams.

Location: Hybrid, Hong Kong

Company

A global insurance provider focused on protecting customers and the planet through an optimistic and innovative approach.

What you will do

• Oversee information security controls across China and Hong Kong to ensure compliance with internal policies and regulatory standards.
• Act as the local SME for global risk management and control assurance frameworks.
• Influence business units to adopt Security by Design principles across all IT projects and BAU activities.
• Provide security risk insights, reporting, and dashboards to the Executive Committee and the Board.
• Partner with Risk Management to assess and monitor regional cyber risk exposure.
• Collaborate with Global Cyber Incident Response and Threat Intelligence teams to handle forensic activities and emerging threats.

Requirements

• Bachelor's degree and minimum 10 years of professional experience in information security.
• Experience leading teams in complex matrix environments across multiple geographic locations.
• Certification in CISSP, CISA, or CISM.
• English: Excellent command (written and spoken).
• Chinese: Fluent written, conversational Cantonese, and business-level Mandarin.
• Strong stakeholder management and presentation skills.

Culture & Benefits

• Innovative environment that encourages challenging the status quo.
• Positive, optimistic corporate culture focused on "What can go right?".
• Equal opportunity employer valuing individual uniqueness.
• Commitment to sustainability and corporate responsibility.
• Hybrid work model.