Information Security Compliance Manager

Taiwan

The Role:

If you are: 

Responsibilities: 

Experience: 

Skills:

What can you expect from us?

Impact: We are actively empowering and connecting people to a better financial future. Join us if you want to help us achieve our mission. 

Work: We have a team of over 400 talented individuals in 6 markets who are hyper passionate about building innovative financial solutions and making an impact on people’s lives. 

Culture: We take our work seriously but don’t hesitate to keep things light. We can only create magic when we have a little bit of fun. 

Thrive: We launched in 2014 and fast-forward 7 years we now help over 10 million monthly users make the best financial decisions. Accelerate your career and become a pioneer in your field with a leading fintech company that seeks to push the boundaries of your imagination and is committed to growing your career. 

Reputation: We are backed by world-class organizations and companies and have raised over US$110 million from investors including Experian, Pacific Century Group, IFC - a member of the World Bank Group

 
EEO Statement 
Hyphen Group is an equal opportunity employer. We value, support and respect all individuals and is committed to maintaining an inclusive and diverse working environment. Decisions in hiring are based on business needs, requirements of the job and individual qualifications and shall not be influenced by any consideration of race, ethnic or national origin, religion, sex (including gender identity and/or expression), age, sexual orientation, marital status, parental status, disability, genetic information, political affiliation or other applicable legally protected characteristics.
 
Apply for this job
* Required
Resume/CV *
Cover Letter
GDPR

When you apply for a job on this site, the personal data contained in your application will be collected by Hyphen Group (“Hyphen Group” or “we”), a company registered and incorporated in Hong Kong and which can be contacted by emailing jobs@hyphengroup.io. Hyphen Group (the “Group”), is a group of companies that provide price comparison services as well as financial services, insurance products, communications and other products and services across Asia.

Your data is stored in a range of systems and formats. These include in your recruitment file, in the Group’s HR management system and in other IT systems, including the Group’s email system.

Hyphen Group processes a range of information collected from you. Subject to applicable law, this may include:

  • your name, address and contact details, including email address and telephone number;
  • your gender and date of birth;
  • details of your qualifications, skills, experience and employment history;
  • information about your current level of remuneration, including benefit entitlements;
  • details of your marital status and dependents;
  • candidate photographs;
  • details of your bank account;
  • Passport or other identification information; and/or
  • Information from compliance background checks.

Your personal data will be processed for the purposes of managing Jyphen Group’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, responding to and defending against legal claims, maintaining and promoting equal opportunities within the workplace and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under applicable Data Protection Laws as necessary for the purposes of the legitimate interests pursued by the Hyphen Group, which are the solicitation, evaluation, and selection of applicants for employment.

Who may have access to personal data?

Your information will be shared internally within the Group for the purposes of the recruitment exercise. This includes with members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy, internal and external auditors and IT staff if access to the data is necessary for the performance of their roles.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Hyphen Group to help manage its recruitment and hiring process on Hyphen Group’s behalf.

Hyphen Group may share your personal data with third parties in order to, obtain pre-employment references from other employers, obtain employment background checks from third party providers and to obtain necessary criminal record checks.

How long do we hold your personal data?

Your personal data will be retained by the Group for so long as the Group determines it is reasonably necessary to evaluate your application for employment. If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment in accordance with the contract of employment and our internal privacy policy.

What if you do not supply your personal data?

You are under no statutory or contractual obligation to provide data to the us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

The Role:

  • As Hyphen Group’s Information Security Compliance Manager, you will be involved with the Information Security, Data Privacy and Compliance program for all markets that Hyphen Group operates. You will help guarantee our compliance to such standards ISO 27001, SOC 2 and applicable regulations, policies, and guidelines.
  • You will be responsible for managing incoming/ongoing cybersecurity and privacy due diligence assessments/questionnaires from partners, service bureaus and customers and ensuring timely, accurate responses.
  • You will be responsible for advising others on the compliance process and increasing user awareness of information security.

If you are: 

  • Good at mentoring and enjoy communicating with different stakeholders. 
  • Remains composed when decisions have to be made quickly.
  • Develops and implements new and improved ways of doing work; encourages staff and guide organization and foster a positive security behaviour and posture.

Responsibilities: 

  • Lead security compliance program activities as set out in the information security policy to assess compliance with Hyphen Group’s policies, standards, and procedures.
  • Monitoring compliance to information security and data privacy policies, as well as other applicable regulatory requirements and guidelines. 
  • Develops training and awareness programs to foster a culture of cybersecurity. 
  • You will be working closely with technology, audit, legal, human resource, and other business units to understand security challenges and tailor targeted training to meet business and compliance requirements.
  • Develop and maintain a security awareness program that effectively increases a security aware user behaviour.
  • Evaluate continuous compliance through automation and develop compliance metrics that are measurable and provide a good sense of security and compliance posture for Hyphen Group.
  • Oversee changes in related regulation that affects the information technology, and develop a compliance program to address potential gaps identified.
  • You will be working closely with technology, audit, legal, human resource, and other business units in conducting privacy impact assessments.
  • Provide guidance regarding internal and external audits requests and regulatory responses.
  • Support the Legal office and provide guidance on information security related topics.
  • You will work with IT infrastructure, vendors, business, and auditors for projects and audit matters.

Experience: 

  • A minimum of 5 years of relevant working experience in information security, compliance, and privacy program management, preferably in both start-up and enterprise environments.
  • Strong experience in performing compliance assessment in a cloud-based environment, technologies, and services.
  • Experience with various compliance frameworks and requirements including NIST framework, ISO 27001, PCI DSS, SOC 2, etc. 
  • Excellent understanding of regulatory requirements in different markets the organization operates (e.g., MAS, HKMA, FSC, BNM, BSP, BOT).
  • Understanding of the regulatory and audit requirements with respect to compliance and experience working and interacting with regulators and auditors. 
  • Experience working on cloud technology and services. 

Skills:

  • Communicating compliance requirements with both technical and non-technical audiences at various levels in the organization.
  • Strong understanding of security risk and compliance assessment, process, and procedures
  • Creative, independent with good problem-solving skills
  • A Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP) qualification or equivalent certifications.
  • Good to have certifications:
    • ISO/IEC 27001 Lead Auditor
    • Certified Information Privacy Professional (CIPP) 
    • Certified Information Security Manager (CISM)
    • Certified Cloud Security Professional (CCSP)

What can you expect from us?

Impact: We are actively empowering and connecting people to a better financial future. Join us if you want to help us achieve our mission. 

Work: We have a team of over 400 talented individuals in 6 markets who are hyper passionate about building innovative financial solutions and making an impact on people’s lives. 

Culture: We take our work seriously but don’t hesitate to keep things light. We can only create magic when we have a little bit of fun. 

Thrive: We launched in 2014 and fast-forward 7 years we now help over 10 million monthly users make the best financial decisions. Accelerate your career and become a pioneer in your field with a leading fintech company that seeks to push the boundaries of your imagination and is committed to growing your career. 

Reputation: We are backed by world-class organizations and companies and have raised over US$110 million from investors including Experian, Pacific Century Group, IFC - a member of the World Bank Group

 
EEO Statement 
Hyphen Group is an equal opportunity employer. We value, support and respect all individuals and is committed to maintaining an inclusive and diverse working environment. Decisions in hiring are based on business needs, requirements of the job and individual qualifications and shall not be influenced by any consideration of race, ethnic or national origin, religion, sex (including gender identity and/or expression), age, sexual orientation, marital status, parental status, disability, genetic information, political affiliation or other applicable legally protected characteristics.