Responsible for the 1st line of defense in the Technology & Cyber Security risk framework. Assists the Cybersecurity Services Team Head in maintaining and improving the effectiveness and efficiency of cybersecurity BAU by exploring and introducing security automation solutions. Ensures cybersecurity monitoring and newly deployed security solutions are sustainable. Helps to develop IT security standards, guidelines and baselines. Ensures IT infrastructure setups are aligned with the bank’s internal policy as well as regulatory requirements in order to provide a secure IT environment for delivering services to business.
- Assist in establishing a bank-wide Cybersecurity Security Framework
- Assist in developing and maintaining the Cybersecurity strategy and program to guard against security exposure and technology risk
- Optimize the strategy and strengthen the practice for privileged ID support, key and eCert management
- Assist in developing a “red teaming” exercise to provide regular internal assessments
- To manage and perform regular vulnerability assessments / penetration testing for bank-wide applications and systems as per request
- Assist Cybersecurity Team Head on various cybersecurity related projects including defining project scope, resource allocation, scheduling and technical implementation.
- Assist Cybersecurity Team Head to develop & maintain information security standard & baseline, and ensure configuration compliance with established standard & baseline by conducting regular re-certification
- Maintain and improve the effectiveness and efficiency of security related BAUs, and ensure compliance with regulatory requirements
- Manage and maintain the performance of outsourced security vendor (e.g. SOC)
- Evaluates, recommends and manages the implementation of security solutions including but not limited to BYOD, DLP, DDoS, Phishing, APT, Cloud, etc.
- Reviews and comments on whether the design and architecture of IT infrastructure and application initiatives align with internal security policies and best practices
- Develops, implements and reviews security awareness tips, training and testing
- Advises overseas branch with regard to IT security matters
- Degree holder in Information Technology or related discipline.
- Min 8 years’ experience in IT and/or Information Security/Technology Risk Management, of which at least 3 years in the banking industry
- Knowledge of various operating system platforms such as Windows, Unix, Linux.
- Know-how to detect, investigate and resolve cyber attacks, and to coordinate with law enforcement body or cybersecurity protection alliance
- Familiar with penetration tests and able to provide relevant remediation for findings.
- Familiar with network security products such as Firewall, Router, Switch, DDoS, IDS/IPS, Load-balancer, SSL VPN, End-point protection, DLP and APT solution.
- Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, PCI-DSS, etc.
- Possess domain knowledge of retail banking
- Obtained Core / Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity
- Certification in CISSP, CISA, CISM or another recognized certificate is a must
- ITIL/PMP certification is preferred
- Certification in CEH, GIAC, CCNP would be an added advantage
For more details about career opportunities with the Bank, please visit our website http://www.cncbinternational.com/careers/en/index.jsp. Please apply with full resume stating current and expected salaries.
Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months.
China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment. All employment decisions will be made in a non-discriminatory manner.