PCCW Global is the international operating division of HKT, Hong Kong's premier telecommunications service provider, which is majority-owned by PCCW Limited. Covering more than 3,000 cities and 140 countries, the PCCW Global network supports a portfolio of integrated global communications solutions which include Ethernet, IP, fiber and satellite transmission solutions, international voice and VoIPX services, managed network & security services and our expanding “as-a-service” solutions including OTT video and Unified Communications.
PCCW Global is headquartered in Hong Kong, and maintains regional centers in Belgium, China, France, Greece, Japan, Korea, Singapore, South Africa, the United Arab Emirates, the United Kingdom and the United States of America. To learn more about PCCW Global, please visit www.pccwglobal.com.
IT Security Risk & Audit Manager
jobsDB Ref. JHK100003004997329
Employer Ref. CAV701519602-002
The appointed Information & Technology Risk & Audit Manager will conduct assessments of internal control and risk management activities, with an emphasis on risks related to Information Technology Security. S/he is required to use his/her judgment and experience to carry out a comprehensive internal audit plan in an effective manner. S/he shall prepare and communicate audit findings and recommendations to Management at both PCCW Global and Group levels.
Key responsibilities include:
- Leads the operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001 where applicable
- Drives required audits and measurements as scheduled in the ISMS
- Performs recurring measurements of IT security, including at least one penetration test per year conducted by a third party (network, social engineering, physical access …)
- Designs and provides leadership for the implementation of necessary IT security policies, standards, procedures and guidelines in conjunction with Group Risk Management, IT Architecture, system and operations
- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with Group and Company security policies and applicable laws and regulations in countries
- Leads regular risk assessments and audits of systems and services deployed by IT
- Leads activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant IT functions and third parties
- Master or Bachelor's Degree in IT or related field required
- Certified in at least one of CISSP, CISM or CISA. PCI ISA and/or GIAC/GSEC certifications are a plus.
- Proven risk and compliance assessment experience
- Leadership experience for professional auditors, risk management, or project leadership professionals
- Solid knowledge and understanding of audit methodologies and tools that support audit processes
- Ability to work effectively in a multi-cultural team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
- Ability to function and perform independently with minimal supervision
- Outstanding problem solving and analytical skills with ability to turn findings into strategic imperatives
- Ability to communicate effectively, in both written and verbal formats, with senior executive-level leaders
- Fluent English is a MUST; Cantonese and/or Chinese speaking is a plus.
- 5+ years of experience in one of the following fields: audit, technology risk management, information security, technology governance, or availability management, ISO certification
- Some experience with an ISO 27001-certified company; certified ISO 20K/27K implementer is a plus.
Attractive salary and fringe benefits will be offered to the successful candidates. Please apply with full resume, available date, present and expected salary by clicking "Apply Now". Resumes without current and expected salary will NOT be considered.
* Applicants not invited for interview within one month from the posting date may consider their applications unsuccessful.
For more information on other job opportunities at PCCW, please visit our website.
PCCW is an equal opportunity employer and welcomes applications from all qualified candidates. Information provided will be treated in strict confidence and will only be used for recruitment-related purposes. Personal data provided by job applicants will be used strictly in accordance with the employer's personal data policies, a copy of which will be provided immediately upon request.