Our client is a full-service commercial bank with a strong presence in HK and Asia. They are on an aggressive Information Technology Transformation runway, and are strengthening their infrastructure & cyber security to support business growth. Cyber Security is one of the Bank's core values.
Key Objective & Results (KOR) -
- The job holder will be responsible for the first line of defence in the Technology & Cyber Security framework, ensuring IT infrastructure setups are aligned with the Bank's internal policy as well as regulatory requirements, to provide a secure IT environment for business growth.
- You will need to ensure cybersecurity monitoring and newly deployed security solutions are sustainable. You will also be involved in developing IT security standards, guidelines and baselines.
Job duties -
You will play a key role in the team, helping to maintain and improve the following for the Bank:
- Establish a bank-wide Cybersecurity Security Framework
- Develop and maintain Cybersecurity strategy and program to guard against security exposure and technology risk
- Optimize the strategy and strengthen the practice for privileged ID support, key and eCert management
- Develop a “red teaming” exercise to provide regular internal assessments
- Manage and perform regular vulnerability assessments / penetration testing for bank-wide applications and systems as per request
- Maintain and improve the effectiveness and efficiency of security-related BAUs, and ensure compliance with regulatory requirements
- Manage and maintain the performance of the outsourced security vendor (e.g. SOC)
- Evaluate, recommend and manage the implementation of security solutions including but not limited to BYOD, DLP, DDoS, Phishing, APT, Cloud, etc.
- Review and comment on whether the design and architecture of IT infrastructure and application initiatives align with internal security policies and best practices
- Develop, implement and review security awareness tips, training and testing
- Advise Overseas branch with regard to IT security matters
You will also support the Cybersecurity Team Head in various cybersecurity initiatives, such as:
- Define the project scope, resource allocation, scheduling and technical implementation of Cybersecurity related projects
- Develop & maintain information security standard & baseline, and ensure configuration compliance with established standard & baseline by conducting regular re-certification
Requirements -
- Degree holder in Information Technology or related discipline.
- Min 8 years’ experience in IT and/or Information Security / Technology Risk Management, of which at least 3 years in the banking industry
- Knowledge of the operating systems of various platforms such as Windows, Unix, Linux.
- Know how to detect, investigate and resolve cyber attacks, and coordinate with a law enforcement body or cyber security protection alliance
- Familiar with penetration tests and able to provide relevant remediation for findings.
- Familiar with network security products such as Firewall, Router, Switch, DDoS, IDS/IPS, Load-balancer, SSL VPN, End-point protection, DLP and APT solution.
- Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, PCI-DSS, etc.
- Possess domain knowledge of retail banking
- Obtained Core / Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity
- Certification in CISSP, CISA, CISM or another recognized certificate is a must
- ITIL/PMP certification is preferred
- Certification in CEH, GIAC, CCNP would be an added advantage
To apply, please send your detailed resume or contact Karen Yim at 2851 7725 for a confidential discussion.
Only shortlisted candidates will be notified.
Applicants who are not contacted within two weeks may consider their applications unsuccessful.
All data collected will be used for recruitment purposes only & will be kept strictly confidential.