Job Responsibilities:
- Assess information security risks in new projects and propose effective mitigation measures.
- Design and implement cyber defence plans aligned with group standards and in compliance with Hong Kong Monetary Authority requirements.
- Handle daily operations and maintenance of information security, including monitoring security events, designing detection rules, following up on security incidents and reporting progress regularly.
- Manage account security, vulnerability management, penetration testing and other regular cybersecurity tasks.
- Co-ordinate internal and external audits related to information security documentation and processes.
- Initiate and conduct regular information security health checks and cybersecurity drills.
Job Requirements:
- Bachelor’s degree or above in Information Technology or related disciplines.
- Minimum of 5 years’ experience in banking, IT or information security, with direct responsibility for security tool operations and rule configurations.
- Possession of recognised information security professional qualifications compliant with Hong Kong Monetary Authority requirements, such as CISSP, CISM, CISA, CSX-S, CSX-E, CCSP, CRT, CCT Infra, CCT Web App, CCSAS or CCSAM.
- Experience in drafting information system security or technology risk management policies, procedures and standards.
- Hands-on experience participating in simulated cyberattack drills, acting as a member of red or blue teams.
- In-depth knowledge and practical experience in offensive techniques such as SQL injection, buffer overflow, cross-site scripting, sniffing, antivirus and trojan evasion, privilege escalation, CC attack, lateral movement and vulnerability exploitation.
- Fluency in Chinese, Mandarin, Cantonese and English.