Responsibilities:
- Oversee the implementation of information security projects, managing external IT vendors and consultants to ensure timely and on-budget delivery.
- Manage information security systems and services to maintain compliance with internal policies, industry standards (ISO 27001), and regulatory requirements.
- Assist in establishing comprehensive information security policies, standards, procedures, and guidelines for the organization.
- Research and recommend appropriate cybersecurity technologies and solutions to address evolving security threats.
- Foster a customer-focused and innovative mindset within the team, providing technical guidance to less experienced members.
- Promote cybersecurity awareness among staff through training and awareness programs.
- Perform other ad-hoc information security-related tasks as required.
Required Qualifications and Experience:
- Degree in Computer Science, Information Technology, or a related discipline, with relevant information security certifications preferred.
- Minimum 8 years of IT experience, with at least 5 years in information security roles within a corporate or large-scale organization.
- Extensive expertise in designing and implementing various information security solutions, such as firewalls, Extended Detection and Response (XDR), Secure Access Service Edge (SASE), Cloud Security Posture Management (CSPM), and DevSecOps practices.
- Hands-on experience in implementing IT/security frameworks.
- Possession of at least one professional information security certification (e.g., CISSP, CISM, CCSP).
- Ability to define functional and technical specifications for external IT consultants, vendors, and service providers.
- Proven track record in managing large-scale security projects, delivering on time and within budget.
Employer questions
Your application will include the following questions:
- Which of the following statements best describes your right to work in Hong Kong?