Responsibilities

• Evaluate information security risks associated with new projects and recommend mitigation strategies.
• Develop and implement a cyber defense plan that aligns with Group standards and adheres to Hong Kong Monetary Authority regulations.
• Oversee daily information security operations, including security event monitoring, rule design for security detection, case follow-ups, progress reporting, account management, vulnerability management, and penetration testing.
• Coordinate internal and external audits related to information security.
• Conduct regular information security health checks and cybersecurity drills.

Requirements

• Bachelor’s degree or higher in Information Technology or a related field.
• At least 5 years of experience in banking, IT, or information security, with hands-on experience in operating security tools and establishing security protocols.
• Must hold information security professional certifications recognized by the Hong Kong Monetary Authority (e.g., CISSP, CISM, CISA, CSX-S, CSX-E, CCSP, CRT, CCT Infra, CCT Web App, CCSAS, CCSAM).
• Experience in developing policies, procedures, and standards for information system security or technology risk management.
• Participation in simulated cyber attack drills as a red or blue team member, with practical experience in various attack methods such as SQL injection, buffer overflow, cross-site scripting, sniffing, antivirus bypass, privilege escalation, CC attacks, lateral penetration, and vulnerability mining.