Senior Manager/ Manager - Information Security

About Dah Sing Group
The Dah Sing Group is a leading financial services group in Hong Kong offering banking, insurance, financial and other related services through its growing network of over 70 branches in Hong Kong, Macau and Mainland China.
Our currency is caring, teamwork and progressiveness. We accept that everyone is unique and different in talent, but alike in the capacity for growth. Our task is to shape a culture that creates a sense of pride in achieving something beyond just a job, and an environment where you can be your true and authentic self, like at home.

Job Purpose:
Reporting to the Team Head to support delivering information security services and carrying out information security related activities.

Job Description of the position:
• Manage security tools
• Act as project manager role on information security projects.
• Provide technical guidance to systems and network team regarding security configurations
• Analyse cybersecurity incidents and make recommendations on remedial actions.
• Define and design adequate security controls to maintain secure control environment.
• Conduct regular security assessment on systems, network and IT infrastructure
• Assist in communicating technology risk management policies, standards and procedures to stakeholders.
• Provide security advisory service to stakeholders on new initiatives and development projects.
• Act as project manager role on information security projects.
• Implement systems and procedures to enable digital forensics capabilities
• Maintain Cyber Incident Response plan and playbook. Conduct cyber incident response drill in regular basis.
• Manage information security programmes such as vulnerability management, Network Access Control, SIEM and DLP programmes

Incumbent Requirements:
• University graduate in Computer Science / Information Technology or equivalent.
• Minimum 5 years of relevant work experience in technology risk, information security and cybersecurity.
• Possess one or more professional certificates : CISSP, CISA, CISM, CCSP
• Sound knowledge in Public Key Infrastructure (PKI), Internet vulnerability, cybersecurity, firewalls, Intrusion Detection/Prevention System and application security of finance/banking systems.
• Solid experience in regulators' requirement on technology risk management including the Supervisory Policy Manuals of HKMA, Cyber Resilience Assessment Framework (CRAF), Personal Data Privacy Ordinance, PCI Data Security Standard, SFC guidelines and Customer Security Controls Framework of SWIFT
• Solid experience in vulnerability management, penetration test and technology risk assessment; red team exercise and pen test experience is a plus
• Strong communication in both Chinese and English; Good communication and interpersonal skills.
• Mature, independent and able to deliver quality results under tight schedule.

Candidate with less experience may be considered as Manager

Please note that only shortlisted candidates will be notified.