In Hang Sang Information Technology, we amplify our services and solutions through innovative application of technologies, delivering a comprehensive range of products and services to meet changing customer needs. We enhance customer convenience, access and choices across our distribution channels, providing secure and engaging offerings that match individuals' lifestyle expectations. We advocate creativity and collaboration to unlock the potential of our people, creating an open and progressive workplace. We develop deep expertise in financial technologies, consulting and partnering with our business in delivering customer-centric propositions in an agile environment.
We are currently seeking a high-caliber professional to join our department as Cyber Security Manager (Third Party Security Review).
The role is to ensure that all Cyber Security control measures are undertaken and that Cyber Security risks are properly addressed in IT systems development and solutions deployment, to minimize the risk exposure of the Bank. The role is also to ensure compliance with Group and regulatory policies and standards (including HKMA, SFC, IT SOX, Strategic Control of Privileged Access Program and audit requirements).
- Provide expertise, consultancy and support to the Business/Functions to identify risk and controls required on information security and cyber security incidents.
- Keep abreast of the latest cyber security threat landscape and evaluate the potential impact to the bank.
- Perform assessment review and recommend security controls on cyber security risk.
- Conduct application risk assessment and provide design consultancy on software delivery.
- Conduct application source code review/static code analysis, verification of false positives.
- Conduct 3rd party security reviews for vendors.
- Cloud Security assessment and reviews.
- University degree in Computer Science or related disciplines
- Over 5 years’ experience in IT security and risk management area
- Solid experience in cyber security controls and incident handling
- Working knowledge of vulnerability scanning and penetration tools
- In-depth knowledge of TCP/IP and routing, firewall technologies, information security principles and practices
- Comprehensive working knowledge of UNIX, Kali Linux, MacOS and Windows OS
- Strong knowledge of banking regulations / guidelines relating to cyber security and technology risk management
- Strong self-motivation, with good leadership, communication, interpersonal and analytical skills
- Great sense of ownership and servicing mindset
- Good command of both spoken and written English and Chinese; Mandarin is an advantage
- Professional qualification such as CISM, CISA, CISSP and CEH preferred
- Experienced in performing security risk assessment and audits based on industry standards
- Familiar with ISO 27001 ISMS
All information provided by applicants will be used only for recruitment purposes and will be used strictly in accordance with the Bank's personal data policies, a copy of which may be obtained by the applicant upon request. Unless otherwise instructed in writing by the applicant concerned, applicants may be considered for other suitable positions within the Bank and its related companies. The personal data of unsuccessful job applicants may be retained for a maximum of two years from the date when the job application is rejected and such data may be retained for a longer period if there is a subsisting reason that obliges the Bank to do so, after which the personal data will be destroyed.