• Policy & Governance: Maintain and update enterprise-wide cybersecurity policies, standards, and guidelines to align with industry best practices and regulatory requirements.
• Security Operations: Implement, monitor, and optimize critical IT security systems (e.g., DLP, CASB, EDR, Privileged Access Management) to safeguard organizational assets.
• Risk & Compliance: Conduct technical security assessments for IT/digital projects and ensure adherence to frameworks like NIST, ISO 27001, and PCI-DSS.
• Architecture & Strategy: Review and modernize IT security architecture to address emerging threats and business needs.
• Incident Management: Lead investigations, containment, and resolution of cybersecurity incidents with minimal business disruption.
• Training & Advocacy: Develop and deliver cybersecurity awareness programs to foster a security-first culture across teams.

Who You Are:

• A Security Champion: Passionate about balancing risk mitigation with enabling business innovation.
• Collaborative Leader: Open-minded and adept at working with cross-functional teams, vendors, and stakeholders across cultures and regions.
• Strategic Thinker: Skilled at positioning security initiatives as business enablers, not roadblocks.

• Bachelor’s degree (or higher) in IT, Computer Science, or related fields.
• 7+ years of hands-on experience in IT security roles, including policy governance, architecture design, and incident response.
• Mandatory certification: CISSP, CISA, CEH, CCSP, or equivalent.
• Deep technical expertise in network security, cloud security, endpoint protection, and DLP solutions.
• Proven track record in implementing/operating tools like CASB, EDR, and Privileged Password Management systems.
• Strong familiarity with compliance frameworks (NIST, ISO 27001, PCI-DSS).
• Fluency in English, Cantonese, and Mandarin for effective stakeholder communication.

Nice to Have:

• Experience in multinational or cross-regional environments.
• Certifications in cloud security (e.g., CCSK, AWS/Azure Security).