Senior Manager, IT Security

​

Responsibilities:

• Define and develop IT security strategy, governance and refreshment roadmap with effective resource allocation across vendors and teams
• Being the leading expert in the field of IT security, providing professional advice to the Division and the Company
• Manage the team to co-ordinate with users of the Company on IT security issues and enquiries
• Lead efforts to identify and prioritize vulnerabilities and threats to develop risk mitigation plans
• Act as focal point for internal and external audit and regulatory inspection over information security matters
• Review and approve security design of IT infrastructure & Applications systems for security compliance requirements
• Manage the security reviews and audits for internal and external stakeholders including but not limited to SRAA, BCP, Drill, PIA, and Compliance gap analysis
• Explore the cybersecurity solutions and manage vendors to implement or enhance systems, aligning with best practices of security control for protecting the corporate assets related to information
• Lead information security incident management, including implementation of monitoring tools for security incidents, information security response, post-incident reviews, and improvements
• Define, review, revise and enforce IT security policies, procedures, and standards to ensure adherence to relevant regulations and compliance of public organization and corporate requirements, including but not limited to DPO framework, policies and guidelines, Protection of Critical Infrastructure (Computer Systems) Ordinance & CoP, The Personal Data (Privacy) Ordinance & CoP, NIST, CIS Controls, ISO/IEC
• Perform other ad-hoc duties and assignments as required

Requirements:

• Bachelor’s degree in Cybersecurity, Information Technology or related disciplines
• Minimum 10 years of working experience with solid track record in IT security, governance, and compliance wothin sizable organizations, ideally with presence in public organizations or quasi-government organizations, with 5 years managerial roles
• Practical knowledge in local / global standards / framework, e.g. DPO framework, policies and guidelines, Protection of Critical Infrastructure (Computer Systems) Ordinance & CoP, The Personal Data (Privacy) Ordinance & CoP, ISO 27000 series, NIST, CIS Controls
• Solid experience in SOC management and cybersecurity solutions
• Proactive, strong problem-solving skills and ability to work under pressure, strong in communication and inter-personal skills
• Holder of two of any related professional certifications (e.g. CISM, CISA, CISSP or CRISC), additional CCSP / CISP is the plus
• Excellent presentation & communication skills and excellent command of verbal & written English and Chinese (both Cantonese & Mandarin)
• Frequent Travel or Permanent Work in Lok Ma Chau Office is required (Shuttle bus service & MTR concession scheme available)

Company Benefits:

• Competitive annual leave entitlement
• MPF Top-up benefit
• Medical benefits from Day-1 with extended coverage to dependent(s)
• Dental & Life insurance
• Training sponsorship
• Professional membership fee reimbursement