Information Security Grc Analyst

The team comprises of multiple functions from Blockchain Security, Operational Security, Security Governance and Compliance and more. We drive a culture of having a growth mindset and being humble to help everyone achieve their potential. Security and Data Privacy Compliance first strategy which has been at the core of our company. The security team helped to drive us to be the first Crypto company worldwide to achieve ISO27001, ISO27701, ISO22301 and PCI:DSS 3.2.1 (Level 1) certifications. Extremely detailed third party attested by international audit firm SGS and achieved "Adaptive (Tier 4)” - the highest level possible for the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and the latest NIST Privacy Framework as well as SOC2 and many other regional certifications like the Data Protection Trust Mark.

As our Information Security Analyst, you will be participating in the Global Information Security Governance, Risk Management and Compliance (GRC) team based in Hong Kong responsible for ensuring the firm’s information security governance, risk, and compliance are enforced and managed systematically, and monitoring key trends and emerging risks that could potentially affect the firm’s overall security and privacy posture. The GRC team operates in a fast-paced and dynamic environment and utilizes the best industry frameworks to effectively identify, evaluate, monitor and manage the firm’s technology and information security governance, risk and compliance issues in support of the firm’s growth and strategic plan.

**Responsibility**:

- Support the delivery of global security governance, risk management and compliance strategies
- Support and maintain a security compliance framework across global entities that can align with the company’s compliance and Internal audits requirements
- Support governance over information security policies, processes, standards and procedures
- Participant in regulatory compliance assessment in accordance with regulations and circulars from different countries
- Participant in external and internal audits, such as ISO 27001, NIST, PCI-DSS, SOC 2 Type 1/2 and other security compliance projects
- Involve maturity model and track of information security controls
- Support global security governance and compliance process
- Support security questionnaire from internal/external security audit and organize/document the common answers and approaches for future audits
- Assist security risk management within the business units

**Requirements**:

- Bachelor's degree or higher in information technology, cyber security or related field
- 3+ years of experience in a information security role
- Strong leadership and excellent communication skills
- Understanding of Information Risk, security control, data privacy related regulations (e.g. CCPA, SG PDPA, EU GDPR) within the financial services and banking industry
- Strong knowledge and practical working experiences in delivering global projects of international data privacy and information security frameworks including NIST Cybersecurity & Privacy Framework, ISO 27001, ISO 27701, CIS, SOC 2 Type 1/2 Report, PCI-DSS, ISAE 3000, ITIL, and COBIT as well as experience in IPO and M&A
- Demonstrable work experience delivering effective business and technical security solutions, processes, tools, and high performing teams
- Good working knowledge of the latest information technology security trends and emerging threats is essential
- Experience in implementing risk management principles and methodologies within a security or technology function
- Good project management experience and skills
- Strong analytical and problem-solving skills are must-have
- Having one of the below security or privacy qualification is a plus - CRISC, CISSP, CCSP, CISM, CISA, ISO 27001 Lead Auditor, IAPP CIPP / CIPM, OSCP, SANS
- An understanding of cloud infrastructure technologies and associated risks would be beneficial

LI-MK1

LI-Hybrid

Empowered to think big. Try new opportunities while working with a talented, ambitious and supportive team.

Transformational and proactive working environment. Elevate employees to find thoughtful and innovative solutions.

Growth from within. We help to develop new skill-sets that would impact the shaping of your personal and professional growth.

Work Culture. Our colleagues are some of the best in the industry; we are all here to help and support one another.

One cohesive team. Engage stakeholders to achieve our ultimate goal - Cryptocurrency in every wallet.

**_ Are you ready to kickstart your future with us?_**

**Benefits**

Competitive salary

Medical insurance package with extended coverage to dependents

Attractive annual leave entitlement including: birthday, work anniversary

Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up

Aspire career alternatives through us. Our internal mobility program can offer employees a diverse scope.

**About***:
Personal