Group Manager, Security Governance & Compliance

John Swire & Sons (H.K.) Limited

A highly-diversified and global corporation, the Swire Group’s businesses encompass property, aviation, beverages and food chain, as well as marine and trading & industrial activities. Its core businesses are mainly focused in Asia, with its key operations in Hong Kong and the Chinese Mainland. Within Asia, Swire's activities come under the Group's publicly quoted arm, Swire Pacific Limited, which is the largest shareholder in two Hong Kong listed companies: Swire Properties and Cathay Pacific Airways.

John Swire & Sons (H.K.) Limited is the holding company of the publicly-listed conglomerate, Swire Pacific Ltd. Our Cybersecurity team is now inviting candidates to apply for the following position:

Group Manager, Security Governance & Compliance

This role would, in close partnership with internal and external stakeholders, provide highly skilled security expertise to develop and implement information security policies, and align controls and regulatory compliance requirements across Swire Group.

Responsibilities: 

• Develop, implement, and update security policies based on designated framework, emerging cyber threats, and industry best practices
• Lead the information security compliance programme across Swire Group, and establish appropriate cybersecurity framework
• Collaborate with operating companies and Group Internal Audit, to track and remediate security risks, and to report security compliance issues through security dashboard
• Build and implement security awareness programme to communicate security policies, and develop information security training plans and awareness activies for Swire Group
• Lead the creation, procurement, and delivery of awareness deliverables and learning content for Swire Group
• Manage the creation and procurement of vendor security risk and compliance platform 
• Monitor performance of vendors, and identify and escalate any associated security risks
• Work with Risk Management to manage cyber insurance programme for Swire Group, and ensure a comprehensive coverage of cyber insurance policy  

Requirements:

• Bachelor’s degree in Information Security Management, Computer Science and Technology, Network and Telecommunication, and Information Systems Management
• 10+ years of cybersecurity working experience, with at least 3 years in security governance and compliance
• Proven track record in developing security policies, and leading audit and compliance programme
• Sound experience in vendor management, and security awareness training delivery
• Strong understanding about security framework, such as NIST CSF, ISO 27001/2/5, CIS
• Attainment of certificates, e.g., CISSP, CRISC, CISA, CISM, would be preferred
• Excellent communication skills in both written and spoken English and Chinese. Fluent Putonghua is desirable

Application:
At Swire, we are committed to creating an inclusive and supportive working environment for all our people regardless of their age, gender, gender identity, sexual orientation, relationship, family status, disability, race, ethnicity, nationality, religious or political beliefs. We believe in creating an environment where people feel comfortable at work and are able to realise their full potential.

We offer a competitive package to the right candidate. If you meet the qualifications and are interested in this position, you can send your application by clicking ‘Apply Now’. We will contact all shortlisted candidates.
 

The Swire group is an equal opportunity employer. All applications will be used exclusively for selection purposes and handled confidentially by authorised personnel only. Your application may also be considered for other suitable positions within the Swire group (please indicate clearly on your application if you would not like to be considered for other positions within the group.) Following the data privacy ordinance, all unsuccessful applications will be destroyed after an appropriate time.