Group Manager, Cyber Risk

Date:  14-Jun-2022
Job Req ID:  2208
Company:  John Swire & Sons (H.K.) Limited



John Swire & Sons (H.K.) Limited


A highly-diversified and global corporation, the Swire Group’s businesses encompass property, aviation, beverages and food chain, as well as marine and trading & industrial activities. Its core businesses are mainly focused in Asia, with its key operations in Hong Kong and the Chinese Mainland. Within Asia, Swire's activities come under the Group's publicly quoted arm, Swire Pacific Limited, which is the largest shareholder in two Hong Kong listed companies: Swire Properties and Cathay Pacific Airways.


John Swire & Sons (H.K.) Limited is the holding company of the publicly-listed conglomerate, Swire Pacific Ltd. Our Cybersecurity team is now inviting candidates to apply for the following position:


Group Manager, Cyber Risk


The role aims to implement Cyber Risk strategies and advise on critical areas for opportunities and improvement. He/She will be the key person driving the cyber risk management methodology and will be in charge of identifying, assessing, evaluating and monitoring cyber risks across the Group. The job holder will have a direct impact on the Group's cyber risk landscape, protecting both on-premises and cloud environments against cyber threats and mitigating cyber risks to an acceptable level.




  • Drive the implementation of a risk management framework aligned to ISO 27005, which includes security risk policy, control mapping, and risk management process
  • Manage risks arising throughout digital transformation, and embed risk and controls into new ways of working
  • Deploy mitigating strategies and develop best practice solutions to identify and manage emerging risks, and ensure consistency with the group policy 
  • Create and maintain a risk register for digital assets and critical applications, and establish a risk reporting dashboard to keep track of risk profiles and mitigation
  • Leverage and promote digital technologies to optimize operational efficiency, predict risk and control behaviors, and generate insights
  • Provide counsel to digital and critical application owners about recent cyber threats and vulnerabilities, and collaborate on risk remediation




  • Bachelor’s degree or above in Information Security Management / Computer Science / Information Systems Management
  • At least 8 years of cybersecurity experience with at least 3 years in cyber risk management
  • Solid technical knowledge and experience in cyber risk management, including risk register, risk identification and mitigation, cyber threats and exploitation methods 
  • Familiar with ISO 27005, CIS Top 18 Controls, and the NIST Cybersecurity Framework
  • Attainment of cybersecurity-related certificates, e.g. CISSP, OSCP, CRISC, CISA, would be desirable
  • Excellent communication skills in both written and spoken English and Chinese. Fluent Putonghua is desirable


At Swire, we are committed to creating an inclusive and supportive working environment for all our people regardless of their age, gender, gender identity, sexual orientation, relationship, family status, disability, race, ethnicity, nationality, religious or political beliefs. We believe in creating an environment where people feel comfortable at work and are able to realise their full potential.


We offer a competitive package to the right candidate. If you meet the qualifications and are interested in this position, you can send your application by clicking ‘Apply Now’. We will contact all shortlisted candidates.


The Swire group is an equal opportunity employer. All applications will be used exclusively for selection purposes and handled confidentially by authorised personnel only. Your application may also be considered for other suitable positions within the Swire group (please indicate clearly on your application if you would not like to be considered for other positions within the group.) Following the data privacy ordinance, all unsuccessful applications will be destroyed after an appropriate time.