- Conduct Independent Security Assessment on business systems and applications, including Design review, Vulnerability Scanning and Penetration Test;
- Contribute to the development and maintenance of existing Information Security Framework;
- Provide subject matter expertise for Infrastructure and Application Teams, functional groups and business lines on security related questions and concerns;
- Provide independent advices to Infrastructure Team for improving first level security operations;
- Conduct research to evaluate new emerging technologies and maintain an up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices and regulations; and
- Promote Security Awareness Culture & Education Program.
- Bachelor’s degree or above in Technology / Financial Engineering / Risk Management or equivalent;
- Minimum 3+ years of relevant professional experience in Information Security / Cyber security / IT risk management / Technology risk management / IT Audit experience or related fields. Candidate with less experience would be considered for Analyst position;
- CISSP, CRISC, CISM, CISA certification or relevant certification is preferable;
- Risk-based thinking mindset, result oriented, disciplined and self-motivated;
- Ability to work under pressure and to multitask and prioritize;
- Ability to interact with all level of the organization from operators to executive management members;
- Knowledge of Vulnerability Assessment and Penetration Test is a plus;
- Knowledge of information security requirements of SFC and HKMA is a plus. Knowledge of ISO27001 is a plus; and
- Strong English report writing skills, Proficiency in both written and spoken English and Chinese, fluency in Putonghua is a must.
We offer an attractive remuneration package to the right candidate. Interested parties please forward your full resume with availability, expected salary by pressing "Apply now" or send it to 27/F., Low Block, Grand Millennium Plaza, 181 Queen’s Road, Central, Hong Kong.
(Data collected will be kept strictly confidential and used for recruitment purpose only.)