Manager, IT Security

​

Responsibilities:

1. Strategy & Governance

• Define, develop, and continuously enhance the IT security policy, standards and procedure ensuring alignment with organizational objectives
• Establish and maintain a strong cybersecurity governance model to drive accountability and performance
• Ensure organization-wide compliance and awareness of security requirements
  
  

2. Risk & Vulnerability Management

• Lead initiatives to identify, assess, and prioritize vulnerabilities and threats
• Develop and oversee the implementation of risk mitigation and remediation plans
  
  

3. Compliance & Audit Management

• Serve as the primary point of contact for internal and external audits, regulatory reviews, and inspections related to information security
• Ensure compliance with applicable laws, regulations, and frameworks, including Protection of Critical Infrastructure (Computer Systems) Ordinance & Code of Practice (CoP); Personal Data (Privacy) Ordinance (PDPO) & CoP; DPO framework
  
  

4. Security Reviews & Assurance

• Lead and manage security assessments and reviews, including Security Risk Assessment & Audit (SRAA)
• Provide actionable recommendations and track remediation activities
  
  

5. Security Solutions & Vendor Management

• Evaluate, recommend, and implement cybersecurity technologies and solutions
• Manage vendors to ensure delivery of security solutions aligned with industry best practices and organizational requirements
  
  

6. Incident Management & Monitoring

• Lead information security incident management, including Implementation and enhancement of security monitoring tools (e.g., Entra ID, EDR, Email Security, DLP); Incident detection, response, containment, and recovery. Conducting post-incident reviews and driving continuous improvement

7. Perform ad-hoc assignments and duties as required by senior management

Requirements:

• Bachelor’s degree in Cybersecurity, Information Technology or related disciplines
• Minimum 8 years of working experience with solid track record in IT security, governance, and compliance within sizable organizations, ideally with presence in public organizations or quasi-government organizations
• Practical knowledge in local / global standards / framework, e.g. DPO framework, policies and guidelines, Protection of Critical Infrastructure (Computer Systems) Ordinance & CoP, The Personal Data (Privacy) Ordinance & CoP, ISO 27000 series, NIST, CIS Controls
• Solid experience in SOC management and cybersecurity solutions
• Proactive, strong problem-solving skills and ability to work under pressure, strong in communication and inter-personal skills
• Holder of any related professional certifications (e.g. CISM, CISA, CISSP or CRISC), additional CCSP / CISP is the plus
• Excellent presentation & communication skills and excellent command of verbal & written English and Chinese (both Cantonese & Mandarin)
• Frequent Travel or Work in Lok Ma Chau Office is required (Shuttle bus service & MTR concession scheme is available)

Company Benefits:

• Competitive annual leave entitlement
• MPF Top-up benefit
• Medical benefits from Day-1 with extended coverage to dependent(s)
• Dental & Life insurance
• Training sponsorship
• Professional membership fee reimbursement