Technical Risk and Compliance Manager

About Us

Bowtie's mission is to create a digital insurance platform that brings greater good to consumers. As we grow towards that mission, we're looking for highly dynamic, hands-on and passionate talent to join our team.

We Offer

  • Competitive salary
  • Fun, co-operative and flexible startup culture
  • Weekly sharing sessions and regular happy-hour gatherings
  • Flexible working hours
  • 5-day work week and Annual Leave
  • Benefits include medical/dental coverage and a wellness program
  • Professional Development Sponsorship
  • Hong Kong working visa sponsorship (onsite position)

How to Apply

A description of your work history (whether as a resume, GitHub profile, LinkedIn profile, or prose)

About the Role

  • Serve as subject matter expert on Bowtie security and privacy policies
  • Identify key external security and privacy stakeholders, their issues, risks, and opportunities for engagement
  • Develop external engagement strategy to influence global security and privacy policy
  • Articulate our security and privacy policy positions for briefing papers, requests for comments, and internal policy meetings
  • Provide subject matter expertise on processes, controls, and objectives around audit and security activities
  • Manage and report security assessments and ongoing monitoring activities across Bowtie's security requirements and best practices
  • Partner with other compliance teams to map and maintain all controls in the digital platform
  • Assist with collecting and maintaining evidence for external assessors and auditors
  • Author and roll out policies, standards, and procedures in collaboration with other teams
  • Evaluate and report on security risks, processes, and projects to various stakeholders
  • Provide written documentation in response to various audit and compliance requests
  • Stay current on developing regulatory and compliance changes and provide guidance on new security and privacy requirements
  • Work across the Engineering team to effect culture change and help teams implement automated compliance into their workflows

About You

  • Experience in security or technology compliance. Strong familiarity with, and a track record of implementing, security standards or frameworks and Hong Kong privacy policy
  • Experience in developing or building control environments in financial services or healthcare companies
  • Experience in designing, implementing, configuring, or testing security and technology controls with stakeholders and managing multiple business priorities
  • Relevant BA/BS degree and/or certifications (CISA, CISSP, CISM, CRISC)