Information Security Consultant

We are seeking a skilled Information Security Consultant to join our client's team in Hong Kong. This is a critical role responsible for safeguarding the organisation's networks, systems, and data from cyber threats, unauthorised access, and potential breaches. You will be expected to take ownership of both incident response coordination and infrastructure security support, ensuring compliance with cybersecurity frameworks while enhancing our security operations.

Main Responsibilities:

• Incident Coordination & Response (50%)
• Serve as the key liaison between cybersecurity and internal departments.
• Track, document, and drive timely resolution of cybersecurity incidents.
• Escalate critical issues promptly to relevant management or technical teams.
• Generate detailed incident and post-incident reports for review.
• Adhere to established cybersecurity frameworks such as NIST, SANS, and ITIL.
• Maintain accurate documentation for all security changes and incidents.
• Provide out-of-hours support in case of urgent security events.
• Monitor and stay informed of evolving cyber threats and risks.
• Assist in coordinating emergency response initiatives when required.

Infrastructure Security Support (50%)

Firewall Management:

Assess and validate firewall rule change requests for compliance.

Collaborate with IT to optimise firewall configurations and reduce excessive access.

Web Application Firewall (WAF) Support:

Manage and fine-tune WAF policies to secure web applications.

Troubleshoot and resolve issues related to WAF functionality.

Implement appropriate security controls for network and cloud systems.

Ensure alignment of firewall and WAF settings with internal security policies.

Participate in audits, risk assessments, and ongoing security enhancement initiatives.

Additional Duties:

• Build and maintain strong relationships with key stakeholders to support security objectives.
• Ensure organisational IT systems comply with internal technology governance frameworks.
• Promote awareness of technological risks and cybersecurity best practices across teams.
• Support the enhancement of our organisation's resilience through technology governance programmes.
• If the role includes regulated activities, appropriate licensing must be obtained and maintained.