Job Description
Working Location: Kai Tak, Hong Kong
Employment Duration: Permanent
The Senior Manager, Security Compliance is responsible for leading the identification, interpretation and implementation of security compliance requirements, including cybersecurity compliance requirements, across CLP Group and in its supply chains. The role provides strategic and operational oversight to ensure that regulatory, contractual and internal security obligations and risk treatment actions are met consistently, supporting the protection of CLP’s people, its business lines, its critical infrastructure and the service it provides to its customers.
Responsibilities
Lead the Security Compliance Team
Lead, mentor, and develop a team of Security Compliance Managers, including contract staff where necessary, and build cross-Group security compliance knowledge and capability. The incumbent will also drive continuous improvement, ensuring that the team learns from feedback, participates in appropriate training and becomes self-aware and constructively critical.
Security Compliance
Ensure that security compliance requirements across physical, IT, OT environments, and in the supply chains, are effectively managed in alignment with business objectives, regulatory obligations and Group Security’s Policy and Standards. Further, ensure that agreed risk mitigation measures are applied appropriately.
Guidance and Assurance
Provide expert guidance and assurance to business units and suppliers to help them operate within established compliance frameworks and maintain a strong control environment. Together with the Group Security Risk Team, help business units and suppliers understand how security risks can impact on CLP’s business and assist them to recognise the importance of selected mitigation measures.
Continuous Improvement
Drive continuous improvement in compliance processes and reporting to enhance organisational resilience and support the reliable operation of generation, transmission and customer services. Monitor emerging regulatory, industry and internal requirements, ensuring timely updates to compliance frameworks and associated controls.
Audit
Coordinate and support internal and external audits, assessments and remediation activities to maintain a robust compliance posture, and to verify that risk mitigation measures are applied appropriately. Coordinate the tracking of outputs from audits, including aspects of non-compliance and inconsistent or absent risk mitigation measures.
Deputy to the Head of Security Governance, Risk, Compliance and Human Risk Management
The Senior Manager, Security Compliance may be required to act as deputy to the Head of Security Governance, Risk, Compliance and Human Risk Management, as required.
Requirements
- Bachelor's degree in a related discipline
- A Certified Information Systems Auditor or equivalent certification.
- At least 10 years’ experience in Cyber Security.
- At least 6 years’ experience leading a team.
- Experience in a technical Cyber Security role.
- Fluent in English and Cantonese, verbal and written.