
Assistant Cyber Risk & Compliance Manager


Retail Technology Asia

Retail Technology Asia (RTA) is a cloud-based digital retail service company headquartered in Hong Kong. We have world-leading SaaS technology. We are looking for a professional Cyber Risk and Compliance specialist to join our Cyber Security team and govern our cybersecurity compliance.


The Job

  • Responsible for team and vendor resources management for Governance, Risk and Compliance functions
  • Develop and maintain security policies, standards, procedures, and guidelines
  • Conduct review, attestation, and assurance
  • Responsible for security standard certification and compliance
  • Review and manage non-compliance exceptions
  • Maintain the security risk register and oversee treatment plans
  • Conduct security awareness education & training
  • Provide advice on security policy, standards, and compliance
  • Maintain the business continuity and disaster recovery plan and conduct associated drills


The Person

  • Bachelor’s degree or above in Computer Science, Information Technology, Information Security, Cyber Security, Cyber and Technology Risk Management, Security Compliance or related discipline
  • Holder of at least 1 certification in CISA, CISSP, CISM, CRISC, CCAK or equivalent
  • At least 6 years working experience in IT technical roles or audit with no less than 3 years of hands-on experience in security governance, development of security policies, standards and procedures, security compliance and risk management related work
  • In-depth knowledge of ISO27001, ISO27002, ISO27017, ISO27018, SOC2/SOC3, PCIDSS, GDPR, PDPO, CSA CCM, CSA STAR program, NIST CSF, CIS Critical Control, CIS Hardening Benchmark, OWASP and Cyber Security Laws
  • Knowledge and experience in conducting security assessment, assurance and compliance review on containerized applications and SaaS infrastructure in Microsoft Azure and other cloud technologies
  • Knowledge and experience in defining, monitoring, and reporting KRI matrices
  • Knowledge and experience in conducting business continuity and disaster recovery planning and drills
  • Knowledge and experience in conducting security awareness training programs
  • Knowledge and experience in conducting risk assessments and overseeing treatment plans
  • Good EQ and ability to handle high-pressure situations with key stakeholders
  • Excellent presentation skills and attention to detail
  • Self-motivated and can work independently
  • Innovative and can adapt quickly to change
  • Good problem-solving and interpersonal skills
  • Good coordination and collaboration skills
  • Excellent communication and leadership skills. Can communicate effectively in English, Cantonese, and Mandarin


Candidates with less experience may be considered as Cyber Risk & Compliance Officer.


More Information

Salary
  • N/A
Job Function
Location
  • Hong Kong > Others
Work Model
  • On-site / At the workplace
Industry
Employment Term
  • Full-time
Experience
  • 3 years - 8 years
Career Level
  • Middle management level
Education
  • Master's degree
  • Degree