Detail

Responsibilities:

Policy & Governance: Maintain and update enterprise-wide cybersecurity policies, standards, and guidelines to align with industry best practices and regulatory requirements.
Security Operations: Implement, monitor, and optimize critical IT security systems (e.g., DLP, CASB, EDR, Privileged Access Management) to safeguard organizational assets.
Risk & Compliance: Conduct technical security assessments for IT/digital projects and ensure adherence to frameworks like NIST, ISO 27001, and PCI-DSS.
Architecture & Strategy: Review and modernize IT security architecture to address emerging threats and business needs.
Incident Management: Lead investigations, containment, and resolution of cybersecurity incidents with minimal business disruption.
Training & Advocacy: Develop and deliver cybersecurity awareness programs to foster a security-first culture across teams.

Who You Are:

A Security Champion: Passionate about balancing risk mitigation with enabling business innovation.
Collaborative Leader: Open-minded and adept at working with cross-functional teams, vendors, and stakeholders across cultures and regions.
Strategic Thinker: Skilled at positioning security initiatives as business enablers, not roadblocks.

Requirements:

Bachelor’s degree (or higher) in IT, Computer Science, or related fields.
7+ years of hands-on experience in IT security roles, including policy governance, architecture design, and incident response.
Mandatory certification: CISSP, CISA, CEH, CCSP, or equivalent.
Deep technical expertise in network security, cloud security, endpoint protection, and DLP solutions.
Proven track record in implementing/operating tools like CASB, EDR, and Privileged Password Management systems.
Strong familiarity with compliance frameworks (NIST, ISO 27001, PCI-DSS).
Fluency in English, Cantonese, and Mandarin for effective stakeholder communication.

Nice to Have: