As Hyphen Group’s Information Security Risk Manager, you will be responsible for performing risk assessment on application and infrastructure systems to identify and address risk areas and non-compliance to technology information security policies, standards, and regulatory requirements.
You will quickly understand our cyber security posture and assess Hyphen Group’s security requirements regarding information security design, architecture (e.g., blueprints applicable both to application and infrastructure) and implementation.
If you are:
Conduct security risk assessments and define information security requirements on projects, existing business and technology processes, cloud-based applications/infrastructure, and other types of information systems.
Service Provider and Vendor assessment - Identify security operations gaps, processes, associated risks, and mitigation strategies in Hyphen Group outsourced service provider, vendors, and partners environment.
Define, collect, and report technology Key Risk Indicators (KRI) / Key Control Indicators (KCI) and metrics that are relevant for management review.
Evaluate trends from defined KRIs / KCIs and compliance metrics to identify improvement in IT/Business processes and procedures.
You will be supporting all Hyphen Group’s markets that we operate in the region in terms of information technology security requirements, regulatory requirements, penetration, and vulnerability findings.
You will be hands on for this role in terms of required technology and security controls, understanding how regulatory requirements are implemented in all different markets we operate. Including explanation on the technical details and how they can remediate the risk in the systems.
You will partner with application and platform/infrastructure teams to ensure risk areas are properly and effectively mitigated.
Coordinate the annual penetration test and work closely with the technology team to ensure prompt closure of the identified gaps.
Maintains awareness and understanding of industry trends on regulatory compliance, emerging threats, and technologies to understand the risk and better safeguard the organization.
A minimum of 5 years of relevant working experience performing information security risk assessment, preferably in both start-up and enterprise environments.
Strong experience in performing security assessment in a cloud-based environment, technologies, and services.
Hands-on experience working on cloud technology and services.
Excellent understanding of industry frameworks such as NIST framework, ISO 27001, PCI DSS, SOC 2, etc.
Excellent understanding of regulatory requirements in different markets the organization operates (e.g., MAS, HKMA, FSC, BNM, BSP, BOT).
Familiar with Software/Applications Development Life Cycle best practices and IT controls over different operating systems, cloud technologies, etc.
Ability to prioritize and divide responsibilities, as well as influence people to take action to assist in the resolution of security gaps.
Strong understanding of the security assessment process and procedures.
Strong operations, systems, and network administration to understand and execute countermeasures and relevant remediation.
Knowledge of vulnerability management, red teaming, and penetration testing.
Creative, independent with good problem-solving skills.
A Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP) qualification or equivalent certifications.
Good to have certifications.
Certified Information Security Manager (CISM)
AWS Certified Security Specialty (CSS)
Certified Cloud Security Professional (CCSP)
What can you expect from us?
Impact: We are actively empowering and connecting people to a better financial future. Join us if you want to help us achieve our mission.
Work: We have a team of over 400 talented individuals in 6 markets who are hyper passionate about building innovative financial solutions and making an impact on people’s lives.
Culture: We take our work seriously but don’t hesitate to keep things light. We can only create magic when we have a little bit of fun.
Thrive: We launched in 2014 and fast-forward 7 years we now help over 10 million monthly users make the best financial decisions. Accelerate your career and become a pioneer in your field with a leading fintech company that seeks to push the boundaries of your imagination and is committed to growing your career.
Reputation: We are backed by world-class organizations and companies and have raised over US$110 million from investors including Experian, Pacific Century Group, IFC - a member of the World Bank Group