144 Information Security jobs in Hong Kong

Get AI-powered advice on this job and more exclusive features.

The Liberty International Insurance (LII) APAC Regional Chief Information Security Officer (CISO) is responsible for providing leadership and strategic alignment to global enterprise security policies and initiatives, whilst enabling the regional and country business goals and initiatives to achieve competitive advantage. The CISO collaborates with a wide variety of stakeholders across the globe and the broader organisation (Tech and non-Tech) to direct the overall planning and execution of enterprise and regional security related initiatives, as well as ensuring security-related BAU activities are executed to a high level of service standards and efficiency. The CISO champions a flexible, highly adaptable and secure operating environment that is responsive to the evolving threat landscape who also focuses on building and maintaining the digital trust. The CISO is expected to be a master communicator who is confident but humble, and capable of speaking effectively with all levels within and outside the organisation. The ideal CISO is a person who focuses on building a synergistic team across the region to collaborate effectively whilst enabling the team to support local market specific needs. The CISO must have a strong technical background and fully understands threats, risk mitigation and technical controls. Last but not least, the CISO assumes accountability for the daily tactical operations and overall strategic execution of the team under their leadership.

Reporting Line:

The CISO reports to the Head of Technology Risk and Cybersecurity for LII APAC and Global Risk Solutions (GRS) Business Information Security Officer (BISO).

About the Department & Team:

The Regional CISO sits within the broader Technology Risk Governance and Cybersecurity Team. The team serves as the guardians of Liberty Mutual’s organization and customer data. As a team dedicated to enable the business, this role and the team supports the delivery of digital transformation and resulting capabilities whilst aligning with corporate security policies and standards. The team champions the design and delivery of a modern tech risk and control testing framework that mitigates & monitors potential risks.

Key Responsibilities:

• By bringing together the security team across the region, develop and execute a set of regional security goals and roadmap that aligns to global policies and standards to effectively secure and enable the regional business to achieve its strategic objectives, build digital trust with our customer, partner and employee and attain competitive advantage.
• Work with regional Risk and Compliance teams to ensure compliance with regulatory requirements across the region. Identify synergies across the region and the globe as part of the exercise.
• Work with regional and country leadership teams to prioritize and execute remediation effort based on severity and impact of gaps identified. Establish a security maturity model that is tracked and adaptable to necessary changes.
• Engage and collaborate with a wide group of stakeholders, including but not limited to Global Risk Solutions (GRS) BISO team, Global Cyber Security (GCS) teams, Liberty International Insurance (LII) teams, LII APAC Regional Tech Leadership including Tech Risk, Country tech Leadership, as well as department/functional leaders, Risks, Compliance, Legal and Privacy teams across the globe.
• As key conduit for Global-region-country communications, empower country-level security leadership and encourage open communication with the goal of operating as “one team”. Drive learnings and standardization where practical and relevant.
• Work with Global/regional/country teams to define clear RACI on key security initiatives, processes, risks and controls.
• Lead or play a key role in major incidents, disaster recovery and business continuity events to minimize business and customer impact. Ensure lessons learnt are always conducted and applied to foster continuous improvement.
• Drive a strong security culture across the region through different communication channels and on-going training/awareness program with a view to safeguard virtual and physical information assets.
• Influence internal and external constituents, and relays best practice recommendations based on the evolving threat landscape to protect intellectual property and ensure compliance.
• Define regional or monitor globally defined key performance indicators (KPIs) and metrics that align with business initiatives and deliver them to non-technical individuals in an effective, understandable manner.
• Identify and develop business case on opportunities for security technology advancement to establish highly effective solutions designed to prevent and detect advanced threats to the company networks and systems.
• Report regularly to senior management and/or boards, keeping them abreast of the threat landscape and the tactical controls and strategic plans to achieve success.
• Make process improvements and leverage global capabilities to allow for effective automation and orchestration to maximize team talent and streamline routine tasks.
• As an empathetic leader, respect and work with team members and staff from a diverse background and geographical location. Mentors the security team and places a heavy emphasis on employee retention – is a people-first leader.
• Engage and manage third party relationships where required and ensure return on investment.
• Work with relevant teams including business leaders, Legal, Compliance, Privacy, Risk and Procurement to ensure Third- and Forth-party security management practices are in place as part of onboarding as well as on-going monitoring.
• Work with business units towards defined standard on responsible use of artificial intelligence (AI) and machine learning (ML).
• Optimizes and secures cloud infrastructure and applications required to support a dispersed remote workforce.

Skills and Experience:

• Bachelor's degree in Computer Science, Information Assurance, MIS or related field, or equivalent. MBA or Master’s degree in Information Assurance / Technology is preferred.
• Preferably 10-15+ years’ management experience, with 5-8+ years’ technical hands-on security, audit and risk management practitioner experience.
• At least 5 years’ experience working with business leaders holding fiscal responsibilities.
• CISSP (highly recommended); CISM (preferred) and/or SANS certification a plus.
• Strong written and oral communication skills across varying levels of the organization.
• Understanding of service design, delivery concepts and control frameworks.
• Solid organizational skills and the ability to multi-task, prioritize workloads and delegate responsibilities.
• Proven ability to receive security team recommendations and act assertively to support objectives.
• Effective stress management in a constantly changing environment.
• Highly focused on building and implementing a strong, cohesive team and security culture.
• Excellent judgment and the ability to make quick decisions when working in complex situations.
• Forward thinking with strong business acumen and flexibility.
• Ability to motivate the team to achieve excellence and give credit where it is due.
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
• Ability to work effectively with a variety of personalities and adapt to effectively reach and develop the team. Uses this skill as well as functional knowledge to both earn and maintain a high level of credibility with the team.
• Strong believer in enhancing employee skills and promoting training, use of cyber range skill improvement, and breach and attack simulation (BAS) solutions.
• Requires periodic awareness training for company employees on information security topics and allocates security budget to train technical staff members.
• Openly supports the organization, the management team and executive leadership team, even during times of adversity.
• Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.

• Seniority level Director

• Employment type Full-time

• Job function Information Technology, Strategy/Planning, and Consulting
• Industries Insurance, Financial Services, and IT Services and IT Consulting

Referrals increase your chances of interviewing at Liberty Mutual Insurance by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

2 days ago Be among the first 25 applicants

We are seeking a highly capable and experienced professional with approximately 10 years of experience in cybersecurity governance, and IT audit and security assessment support. This role focuses on leading security assessments in collaboration with technical teams, reviewing and translating technical findings into clear and impactful reports for clients, regulators, and senior management. The ideal candidate will possess strong analytical skills, excellent communication abilities, and a solid understanding of security controls across various technology domains.

Your Role

• Lead and coordinate security assessments across infrastructure, applications, and cloud environments, working closely with technical SMEs.
• Interface with technical teams to understand control implementation and translate findings into governance insights.
• Prepare high-quality security reports and presentations tailored for client and senior stakeholders.
• Support responses to client and regulatory security inquiries, ensuring accuracy, clarity, and timely delivery.
• Support the development of security reporting and risk metrics
• Contribute to the development and refinement of security policies, standards, and procedures.
• Support audit and assessment activities, including evidence collection and coordination with internal teams.
• Promote security awareness and contribute to training initiatives across the organization.

To Succeed in this Role

• Minimum 10 years of experience in cybersecurity governance, technology risk, or audit-related roles.
• Strong understanding of security controls across infrastructure, application, and cloud domains.
• Proven ability to work with technical teams and translate technical content into business-friendly reporting.
• Experience in preparing client-facing documentation and presentations.
• Excellent written and verbal communication skills in English.
• Familiarity with regulatory frameworks and standards (e.g., ISO 27001, NIST, CIS).
• Relevant certifications such as CISM, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred.

Preferred Attributes

• Experience in regulated industries such as finance, healthcare, or insurance.
• Strong stakeholder engagement and coordination skills.
• Detail-oriented with a proactive and structured approach to governance.
• Familiarity with GRC

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development, Information Services, and Technology, Information and Media

Referrals increase your chances of interviewing at PCCW by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Cyber Security Analyst - Group Chief Information Officer role at HSBC

Some careers shine brighter than others. If you’re looking for a career that will help you stand out, join HSBC and fulfill your potential. Whether you want a career that could take you to the top or simply take you in an exciting new direction, HSBC offers opportunities, support, and rewards that will take you further.

Our GCIO organization plays a critical role for the