101 Data Compliance jobs in Hong Kong

The Asia Data Office (ADO) is a team of data professionals dedicated to enabling data as a strategic asset to drive business outcomes across Asia and the broader Asia segment. The team comprises Data Analysts, Architects, Engineers, and Business Intelligence professionals focused on delivering high-quality, accessible data for use cases spanning Business Intelligence, Digital Applications, and Advanced Analytics.

We are seeking a highly skilled and experienced Associate Director, Data Security and Compliance to spearhead the development and enforcement of access management frameworks and data risk policies across multiple data lakes in Asia, while ensuring alignment with global standards. This role is critical in maintaining regulatory compliance across ten markets and managing key data risks within the Asia Data Office.

Position Responsibilities
Access Management

• Framework Development: Design, implement, and maintain robust access management frameworks and policies to ensure secure and efficient data access across Asia's data lakes.
• Policy Integration: Collaborate with global teams to align regional access policies with global standards.
• Access Controls: Regularly monitor and audit access controls to ensure compliance with internal policies and security protocols.
• User Access Management: Oversee role-based access provisioning, ensuring appropriate access levels based on responsibilities.
• Technology Enablement: Partner with IT and architecture teams to implement tools and technologies that support access governance.

Data Governance

• Governance Oversight: Ensure effective governance of data access, maintaining data integrity, security, and availability.
• Quality Initiatives: Lead efforts to standardize and harmonize data access processes across the region.
• Policy Enforcement: Ensure adherence to data governance policies by all stakeholders.

Regulatory Compliance

• Compliance Monitoring: Track and ensure compliance with data access regulations across ten markets, adapting policies as needed.
• Regulatory Liaison: Work closely with legal and compliance teams to meet local and international regulatory requirements.
• Documentation: Maintain clear and comprehensive documentation of access policies and procedures.

Data Risk Management

• Risk Identification & Mitigation: Identify, assess, and mitigate data privacy and security risks. Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
• Risk Execution: Own and execute Information Risk Assessments (IRAs) for the Asia Data Office.
• Audit & Compliance: Conduct regular audits to ensure ongoing compliance with privacy and security laws. Implement corrective actions as necessary.
• Incident Response: Lead response efforts for data breach incidents, including investigation, reporting, and remediation.
• Reporting: Provide regular updates on data risk status and mitigation strategies to the Asia Chief Data Officer and senior leadership.
• Training & Awareness: Develop and deliver training programs to promote a culture of privacy and data security awareness.

Coordination & Collaboration

• Cross-Functional Engagement: Collaborate with IT, legal, compliance, architecture, engineering, and business teams to ensure cohesive access management.
• Culture Building: Promote data stewardship and accountability across the organization.
• Solution Design: Work closely with solution and data architects to design access management solutions aligned with business and regulatory needs.

Required Qualifications

• Bachelor's or Master's degree in Information Technology, Data Science, Business Administration, or a related field.
• 8–10 years of experience in access management, data governance, or risk management.
• Experience in a multinational organization with a focus on Asia.
• Professional certifications such as CIPP, CRISC, or CDMP.
• Strong knowledge of access frameworks, governance policies, and regulatory compliance.
• Proficiency in technologies such as SQL, Oracle RDBMS, Microsoft Synapse, Azure Data Lake Storage (ADLS), Azure Data Factory, Cosmos DB, and Databricks.
• Foundational understanding of emerging technologies like Generative AI and OpenAI.
• Demonstrated experience in managing data risks and implementing mitigation strategies.
• Excellent leadership, communication, and stakeholder management skills.
• Ability to thrive in a fast-paced, dynamic environment with multiple priorities.

When You Join Our Team

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

About Manulife And John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit

Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact

Working Arrangement
Hybrid

Join to apply for the Information Security Manager role at Global Payments Inc. .

Develops and leads one or more of the following highly technical and specialized areas within information security: Security Engineering, Security Architecture, Forensics Analysis, Threat Analysis, Threat Hunting and Penetration Testing. Manages the development, deployment and execution of enterprise security controls and defenses. Monitors, analyzes and exploits system vulnerabilities to detect potential threats. Executes containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence. Determines risk and exposure from security breaches and resolves incidents while providing guidance to business decision-makers.

• Tracks and supports the delivery of information security solutions. Manages the tactical activities of installing and configuring security systems, software and applications. Coordinates responses to intrusions and provide remediation guidance and support.
• Coordinates resources on highly complex development projects including approval of design specifications and scope. Provides input to short-term security technology roadmaps regarding applicability of new technologies. Disseminates updates to InfoSec Architectural policies, standards and guidelines to team members.
• Reviews forensic investigations and analysis of reported cyber incidents to evaluate root cause vectors and necessary control measures needed to prevent future occurrence. Implements appropriate countermeasures to recover deleted, hidden or lost user data.
• Coordinates research and analysis of threat actor profiles and associated indicators to detect potential threats. Implements recommended actions and security tools to identify, monitor and mitigate attacks. Coordinates with external security organizations to exchange threat intelligence.
• Coordinates complex threat assessment to evaluate incident impact and risk exposure. Reviews cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies), and draws conclusions on possible implications or applicability. Guides the threat intelligence collection process to enhance analytical capabilities.
• Manages execution of penetration testing activities on core systems. Articulates the outcome of stimulated attacks and underlying security issues or system weaknesses. Recommends and institutes remediation techniques or improvements to protect and maintain security frameworks and controls.
• Supports the evaluation and selection of security applications and systems. Manages the implementation of access control defenses. Provides quality review on the evaluation and documentation of team procedures. Manages development, deployment and support activities for multiple critical security technologies to include problem resolution and management, application maintenance, project requests and system enhancements.
• Not an exhaustive list; other duties as assigned.

• Bachelor's Degree
• Relevant Experience or Degree in: Information Security or Computer Science preferred. Other majors will be considered.
• Typically a minimum of 6 years
• Related professional experience and prefer a minimum of 1-2 years experience in a supervisory position.
• One or more of the following-CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, CGEIT, Certified Forensic Computer Examiner (CFCE), Certified Cyber Threat Analyst (CCTA), Certified Computer Examiner (CCE)

• Prior Global Payments, payment or technology industry experience is preferred.
• Master's Degree in a related field of study from an accredited university.

None Identified

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Information Technology
• Industries: Financial Services and IT Services and IT Consulting

Associate Manager @ PureSoftware Malaysia

Job Description:

• Minimum of 2 years of experience in information security or a similar role.
• Strong understanding of information security principles, standards, and best practices.
• General knowledge in industry regulations and framework such as NIST Cybersecurity Framework, ISO27001 or PCI DSS.
• Experience with security assessment tools and techniques.
• Knowledge in network and system security, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Relevant certifications such as CISSP, CISM, or CEH are desirable.

PureSoftware, a wholly owned subsidiary of Happiest Minds Technologies, is a global software products and digital services company. PureSoftware has been driving transformation for the world’s top organizations across various industry verticals, including banking, financial services, and insurance, life sciences and healthcare, high tech and communications, retail and logistics, and gaming and entertainment. Arttha, from PureSoftware, is a globally trusted financial technology platform.

PureSoftware is Great Place to Work Certified in India for the third consecutive year

• Associate

• Full-time

• Information Technology, Other, and Analyst

• Insurance, Banking, and Financial Services

Get AI-powered advice on this job and more exclusive features.

Join us. Let’s care for tomorrow. At Allianz Global Investors we foster a culture of professionalism, fulfilment, and an inclusive working environment. Do you want to be part of a leading active asset management company? Then join us now as Information Security Architect in Hong Kong within the Information Security team.

• Support of the continuous development and improvement of our global information security programme (including frameworks, processes, and tool sets) with a focus on security architecture and governance
• Conduct Security Architecture reviews based on industry-best practise, including threat modelling of systems and applications in scope as a vehicle to identify and communicate security risks
• Prepare and moderate regional security governance forums and status meetings, having modern and future-proof collaboration models in mind
• Act as a regional security point of conduct for auditors and business partners
• Driving our global security training and phishing exercises and conducting regional security awareness measures as part of our communication concept
• Work closely with a distributed team of Information Security, IAM and Cybersecurity professionals across Asia and Europe

• Deep expertise and proven experience in Information Security Management, including frameworks, regulations and security architecture
• 3-7 years of professional experience in information security/cybersecurity with specific industry qualifications (e.g., CISSP, CISM, CISA)
• Hands-on experience in developing solutions, such as relevant guidelines and operating procedures on the basis of best-practices, business needs and regulatory requirements as well es respective methodologies for control testing
• Experience in the identification of security risks as well as threat modelling based on internationally recognized frameworks, including the advisory on possible mitigating and controlling measures and architectures.
• Proven track record in working with diverse and distributed global teams, as well as excellent communication and interpersonal skills (communicating and reporting sophisticated technical concepts to business and risk partners)
• Experience interacting directly with senior stakeholders (C-Suite, Board and Regulators)
• Experience balancing multiple concurrent projects and priorities communicating and committing to realistic deadlines, showcasing a structured way of working
• Proficiency in English is a must, additional proficiency in Mandarin preferred and additional language skills are a plus

• Balanced work environment: A dynamic office culture that supports flexibility and collaboration
• Securing your future: Access to pension, retirement, and/or savings plans as applicable to the work location
• Shared success: Company share purchasing plan
• Support for what matters: Mental health and wellbeing programs
• Investments in your career: Career opportunities within the entire Allianz Group
• Investments in your skills: Comprehensive learning and development offerings, including certifications and professional qualifications
• … and so much more!

Allianz Global Investors is a leading global active asset manager. We invest for the long term and want to create value for clients every step of the way. We do this by being active – in how we partner with clients and anticipate their needs, and build solutions based on capabilities across public and private markets. Our focus on enhancing our clients’ assets leads naturally to a commitment to sustainability for positive change. Our goal is to enhance the investment experience for clients, whatever their location or goals. Putting our clients' needs first, behaving in a transparent way and treating people fairly means acting with integrity. We encourage a collegial culture, that supports individual responsibility. We invest in the development of our employees to maximize the power of innovation. We at Allianz believe in a diverse and inclusive workforce, we are committed to the principles of Equal Employment Opportunity and to helping applicants with any disabilities. We encourage you to bring your whole self to work, no matter where you are from, what you look like, who you love or what you believe in. We therefore welcome applications regardless of ethnicity or cultural background, age, gender, nationality, religion, disability or sexual orientation.

If you feel inspired to promote the active asset management experience, this is the place for you. Join our diverse, international, technology-enabled, and agile environment. Simply upload your CV in English to apply for this position! If you need support to navigate our websites or at any stage during your application, please send an email with your request to

To Recruitment Agencies Allianz Global Investors has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Global Investors does not accept unsolicited resumes from agency or search firm recruiters. When we do work with recruitment agencies, that engagement is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate was ultimately employed by Allianz Global Investors. Finally, please do not contact hiring managers directly.

Location: Sha Tin District, Hong Kong SAR; Job type: Full-Time | Permanent

Join to apply for the Information Security Manager role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established organization within the financial services sector. With a large workforce and a solid market presence in Hong Kong, they are committed to maintaining high standards in technology and information security.

As a 'Manager, Information Security,' your main responsibilities will include:

• Overseeing the implementation and maintenance of the bank's information security systems.
• Conducting regular audits and risk assessments to ensure adherence to security protocols.
• Developing and implementing information security policies and procedures.
• Training and mentoring staff on information security best practices.
• Conducting cybersecurity assessments, including penetration testing and infrastructure/web application reviews.
• Managing and maintaining security systems such as firewalls, NAC, IPS, and SIEM.
• Leading and coordinating information security projects across departments.
• Managing incident responses and investigations into security breaches.
• Staying updated on the latest trends and developments in information security.
• Reporting on the status of information security to senior management.

A Successful 'Manager, Information Security' Should Have

• A degree in Computer Science, Information Security, or a related field.
• Proven experience in a managerial role within the field of information security.
• Familiarity with information security regulations and standards in the financial services industry.
• Exceptional leadership and communication skills.
• The ability to handle sensitive information with discretion and integrity.

• A competitive salary in the range of HKD 648,000 - HKD 792,000 per annum.
• Standard benefits package.
• The chance to work in a fast-paced, technology-driven environment within the financial services industry.
• Opportunities for career progression and professional development.
• A supportive and collaborative company culture.

We encourage all candidates who believe they can fulfill these responsibilities and possess the necessary qualifications and skills to apply. This is a fantastic opportunity to join a leading financial organization in Hong Kong and make a significant impact in the field of Information Security.

Contact: Alexis Wee

Quote job ref: JN-

• Mid-Senior level

• Full-time

• Information Technology and Engineering

• Financial Services, Accounting, and Banking

Job Description:

1. Support and maintain Information Security Management System (ISMS) in accordance with the standard of ISO 27001
2. Ensure the accuracy of the ISMS documentation, develop and maintain information security policies, processes and procedures, design and deliver information security training and awareness programs
3. Undertake information security control assessments, identify and monitor information security risks, threats and vulnerabilities
4. Facilitate and coordinate external compliance audits and ensure audit findings are actioned as required
5. Frequent business trip to mainland China
6. 3-5 years working experience in Information Security
7. Familiar with key frameworks such as ISO 27001

Job Responsibilities:

• Responsible for managing information security and infrastructure systems to ensure the smooth operation of all enterprise systems and network
• Support day-to-day monitoring and control of information security program, systems, configuration, patching and backup
• Assist in conducting risk assessment and information security review of internal operations, vulnerability assessments and tests for enterprise continuous improvement
• Assist in developing and continuously improve the information security issues and resolve the audit findings
• Coordinate implementation and validation of information security controls
• Monitor and assess information security violations incidents and responses
• Troubleshooting and provide technical support for information security solutions
• Assist in preparing training materials to promote information security awareness across the enterprise
• Maintain up-to-date inventory on infrastructure equipment and software
• Perform other duties as assigned by the supervisors

Requirements:

• Degree holder in Information Technology, Computer Science or related disciplines
• Holder of CISSP, CISA, CCNA, MCSE or relevant certification preferred
• 2+ years relevant working experience on information security, infrastructure maintenance and technical support
• Experience in developing and implementing information security control process, hands-on working experience in Microsoft Windows Server, Linux, Networking, Firewall, Antivirus, VMware and System Hardening
• Knowledge of ISO27001 or Risk Management is a plus
• Positive, responsible, able to work independently and maintain confidentiality
• Fresh graduates and willing to learn will also be considered

At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we're now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on.

About the Role

This position supports the Information Security Department in advancing the organization's information and cyber security maturity across internal operations and affiliated entities. The role is primarily responsible for leading and overseeing the implementation of robust security controls and governance practices, ensuring alignment with AIA's IT policies, standards, and guidelines. It plays a critical role in safeguarding the confidentiality, integrity, and availability of systems and data, while driving continuous improvement in security operations, risk management, and compliance.

Roles and Responsibilities:

This position is responsible for driving daily operations in key areas of information security, including identity and access management (IAM), vulnerability management, and security assessments, while ensuring compliance with company policies and standards, regulatory and audit requirements. Additionally, the role leads the execution of critical local and groupwide information security uplift initiatives, overseeing the deployment of solutions across IT infrastructure and applications, and validating their effectiveness through rigorous testing.

Daily Operations – Information Security Governance & Control

• Develop and maintain the information security governance framework and risk portfolio in alignment with AIA's IT policies, standards, and guidelines.
• Oversee regular security assessments, including identity and access management (IAM) reviews, vulnerability management, remediation activities, and independent testing of IT infrastructure and applications to ensure compliance with security standards.
• Establish and manage processes to proactively identify technology risks and potential security breaches, ensuring continuous protection of organizational systems and data.
• Supervise IAM operations, including access provisioning, role-based access control, and periodic access certifications, ensuring adherence to compliance and audit requirements.

Information Security Uplift Project Execution

• Lead the execution of key local information security initiatives, such as IAM enhancements and vulnerability remediation efforts.
• Drive the deployment of groupwide strategic information security solutions across local IT infrastructure and systems.
• Enhance security assessment practices for applications and infrastructure, providing actionable recommendations to strengthen the organization's security posture.

Strategic and Cross-Functional Engagement

• Lead ad-hoc cross-functional teams on special projects and strategic initiatives related to information security.
• Develop and implement plans to uplift information security controls across the organization.
• Serve as a key liaison with group offices, business partners, corporate clients, IT vendors, and external parties on IT security matters as needed.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.