Senior IT Security Specialist

  • Negotiable
  • Hong Kong
  • Permanent, Full time
  • China CITIC Bank International Limited
  • 21 May 19

Implement, maintain and review cyber security controls to address the risks stipulated by regulatory requirements and other best-practice frameworks. Ensure the security infrastructure is stable and reliable for delivering services to the business.

Key Responsibilities

• Assist in defining the IT security framework to guard against cyber security exposure and technology risk
• Manage the implementation of policy- or intelligence-based security solutions for End Point Protection, DLP, APT, Application White-listing, etc. per C-RAF requirements
• Assist in driving cybersecurity-related projects, including scope definition, vendor coordination, scheduling and technical implementation
• Drive continuous improvement in SIEM correlation and use cases
• Assist in developing the Security Operation Center (SOC) and establish KPIs to formalize the measurement of the degree of attack and our defense ability
• Use automation tools to ensure that platform and network security comply with the established standard and baseline
• Conduct security risk assessment for application, infrastructure and adoption of new technologies
• Liaise with internal and external parties / audits in handling the technical response to the audit reviews and assessments initiated
• Review exception events/logs from in-house security platforms as well as from market intelligence
• Provide security advice to internal users


• Degree holder preferably in Information Technology or relevant discipline
• At least 7 years’ experience with at least 4 years in IT/Network Security
• Knowledge of operating systems on various platforms, e.g. Windows, Unix, Linux
• Familiar with network security products such as Firewall, IDS/IPS, WAF, DDoS, VPN, End-point protection, Anti-phishing, DLP, APT and SIEM solutions
• Familiar with encryption technology and hardware security modules
• Knowledge of regulatory requirements such as HKMA, MAS, PCI-DSS, etc.
• Experience in handling vulnerability/penetration test service providers, PCI-DSS assessors and cyber-attack simulation agencies
• Obtained Core / Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity
• Certification in CISSP, CISA, CISM or another recognized certificate is a must
• Certification in CEH, GIAC, CCNP would be an added advantage