- Ensure the adequate security controls are in place according to the company’s policies and industrial standards
- Ensure the effectiveness of security controls for both in-house IT operation teams and outsourced operations
- Promote and ensure Secure SDLC and secure coding practices to in-house developed applications
- Keep up-to-date knowledge on information security processes and technologies, including emerging cyber-attack threats and the corresponding mitigation controls
- Perform regular vulnerability assessments and penetration tests to the company’s IT systems and network infrastructures and driving the patching management process to ensure critical vulnerabilities are addressed timely
- Define and own the Computer Security Incident Response process, including maintain escalation channels for all spectrum of users and performing diagnosis
- Work closely with key stakeholders internally and externally to provide remediation on security incidents
- Maintain dashboards and collect metrics and reports on cyber threats and IT systems/ infrastructures vulnerability
- Provide expert consultation to other teams
- University Degree in Information Security, IT, Computer or related subjects
- Holder of security certificate such as GIAC, CEH, OSCP, CISSP, CISM, CISA is preferred
- Previous working experience in computer security incident response or computer forensic in security vendors or law enforcement authorities is preferred
- Knowledgeable in TCP/IP networking and network security products such as Firewall, IDPS, Web proxy, etc.
- Experienced in Windows and Linux/UNIX operation systems
- Familiar with information security technologies such as AAA systems, email and web security, PKI, data encryption and end-point protection systems
- Familiar with information security standards such as ISO27001, C-RAF, COBIT 5 and CIS Critical Controls
- Good understanding of cyber-attack techniques (e.g. APT, DDoS, malware, phishing, etc.) and the corresponding response and investigation methodologies
- Knowledgeable in computer forensics and advanced data recovery tools
- Proactive and self-initiated
- Strong influencing and communication skills
Competitive Salary will be offered to the right candidate. For application, please update your resume by clicking "APPLY NOW" or complete the online application form which is available at https://www.midland.com.hk/joinus/ and sent to the corresponding email address together with your full resume, present & expected salary.
All personal data collected will be used for recruitment purpose only. Applicants not hearing from us within 2 months may consider their applications unsuccessful. All personal data supplied will be kept for a reasonable period in accordance with the legal requirements.
As an Equal Opportunities Employer, we are committed to eliminating discrimination in employment. Our vacancy is open to all applicants meeting the basic entry requirement irrespective of their disability, sex, marital status, pregnancy, age, family status, sexual orientation and race.