Director - Data and Security Governance

  • Hong Kong Island
  • Permanent
  • Wed Feb 4 08:21:16 2026
  • BBBH59554

We are seeking a highly skilled Senior Manager to lead the Data and Cybersecurity Governance within the IT Security division. This role will be pivotal in directing our initiatives focused on cybersecurity and data management.

Core Responsibilities:

  • Assess and enhance the organization's cybersecurity and data security policies, standards, and operational procedures.
  • Develop and enforce a comprehensive governance framework that aligns with organizational policies addressing data management, its lifecycle, protection measures, and prevention of data leaks.
  • Ensure that all IT infrastructure, systems, and applications comply with applicable laws and industry standards (including GDPR, ISO 27001, NIST, and relevant data protection regulations in HK and China).
  • Maintain an audit-ready environment and manage all responses to compliance evaluations, audit inquiries, client surveys, and requests from regulatory bodies.
  • Identify, evaluate, and rank cybersecurity risks affecting the organization. Design and execute a robust framework for cybersecurity and data protection.
  • Provide consistent updates and performance dashboards on the status of cybersecurity governance and compliance initiatives.
  • Ensure adherence to all company policies, mandatory training, and regulatory obligations.
  • Develop a governance strategy to effectively manage the organization’s multi-cloud approach, encompassing AWS, Azure, and Alibaba Cloud.

Requirements

  • A bachelor’s degree or higher in computer science, engineering, or a related field.
  • At least 15 years of relevant experience in cybersecurity band data protection.
  • Proficient in managing IT projects and engaging with project stakeholders.
  • Demonstrated knowledge of various cybersecurity concepts, including firewalls, application security, cloud security, endpoint protection, SIEM, threat detection, identity and access management, application whitelisting, O365, data leakage prevention, network security, and email security.
  • Capable of working autonomously, detail-oriented, results-oriented, self-motivated, proactive, enthusiastic, and collaborative with a team.
  • Excellent proficiency in both spoken and written English and Chinese (Mandarin is essential).
  • Relevant certifications, such as CISSP, CISM, CISP, and ISO 27001 Lead Implementer/Auditor.

“Sanderson-iKas” is the brand name for the following companies incorporated in Hong Kong: Sanderson Solutions International (Hong Kong) Limited (Business Registration no.53741924) and iKas International (Asia) Limited (Business Registration no.39818987)

Website: www.sanderson-ikas.hk