We are seeking a talented and experienced Cybersecurity Specialist / Manager to join our expanding team. This role is pivotal in ensuring the security and resilience of our critical infrastructure and data.
Responsibilities
Create and maintain security policies, procedures, and guidelines. Develop and implement robust security controls to address cyber risks. Monitor compliance with regulatory requirements and group policies.
Perform control and technical assessments to identify gaps and weaknesses. Prioritize findings with system owners to ensure effective remediation. Track exceptions and remediation progress. Develop appropriate metrics for reporting.
Advise on security tools such as Firewall, IDS/IPS, NDR, EDR, PAM, DLP, SIEM, SOAR, SASE, vulnerability scanners. Develop and maintain security baselines. Assist in the incident response process. Support cybersecurity projects. Develop and maintain necessary documentation.
Collaborate with internal or external parties to conduct required assessments such as penetration tests, compliance reviews, third-party vendor assessments, and audits. Follow through on findings and recommendations to close out all gaps.
Enhance the cybersecurity awareness program. Conduct training and phishing exercises to improve organizational awareness. Monitor the latest security threats, vulnerabilities, and technology trends.
The Person
Degree holders with a keen interest in cybersecurity or technology.
Minimum 10 years’ experience in technology industries with at least 5 years in related security, technology risk, or compliance roles.
Self-motivated and able to work independently. Strong problem-solving, project management, communication, and interpersonal skills.
Good command of written and spoken English and Chinese.
Familiarity with HKMA, PCI-DSS, ISO 27001 or other security risk management frameworks is an advantage.
Certification in cybersecurity such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor, PCI-DSS Qualified Security Assessor (QSA) is preferred.
Hands-on experience in full-cycle security product implementation, vulnerability management, penetration testing, threat intelligence, incident response, or governance risk and compliance (GRC) is highly preferred.