Vice President, IT Security

Responsibilities:

• To assist to establish a bank-wide Cybersecurity Security Framework
• Assists to develop and maintain Cybersecurity strategy and program to guard against security exposure and technology risk
• To optimizes the strategy and strengthen the practice for privileged ID support, key and eCert management
• To assists to develop a “red teaming” exercise to provide regular internal assessments
• To manage and perform regular vulnerability assessments / penetration testing for bank-wide applications and systems as per request
• Assist Cybersecurity Team Head on various cybersecurity related projects including defining project scope, resources allocation, scheduling and technical implementation.
• Assist Cybersecurity Team Head to develops & maintains information security standard & baseline, and ensure configuration compliance with established standard & baseline by conducting regular re-certification 
• To maintain and improve the effectiveness and efficiency on security related BAUs, and ensure to comply with regulatory requirements
• Manage and maintain the performance of outsourcing security Vendor (e.g. SOC)
• Evaluates, recommends and manages the implementation of security solution including but not limited to BYOD, DLP, DDoS, Phishing, APT, Cloud, etc
• Reviews and comments IT infrastructure and application initiatives whether the design and architecture aligns with internal security policies and best practices
• Develops, implements and reviews security awareness tips, training and testing

• Advises Overseas branch with regards to IT security matters

Requirements:

• Degree holder in Information Technology or related discipline.
• Min 8 years’ experience in IT and/or Information Security/Technology Risk Management in which at least 3 years in banking industry
• Knowledge on various platforms’ operation system such as Windows, Unix, Linux.
• Know-how to detect, investigate and resolve Cyber attacks, and coordinate with law enforcement body or Cyber security protection alliance  
• Familiar in penetration tests and provide relative remediation for findings.
• Familiar with network security products such as Firewall, Router, Switch, DDoS, IDS/IPS, Load-balancer, SSL VPN, End-point protection, DLP and APT solution.
• Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, PCI-DSS and etc.
• Possess domain knowledge of retail banking
• Obtained Core / Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity
• Certified in CISSP, CISA, CISM or other recognized certificate is a must
• ITIL/PMP certification is preferred
• Certified in CEH, GIAC, CCNP would be an added advantage

For more details about career opportunities with the Bank, please visit our website http://www.cncbinternational.com/careers/en/index.jsp. Please apply with full resume stating current and expected salaries.

Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months.

China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment. All employment decisions will be made in a non-discriminatory manner.