Manager, Information Security, Application Security Assessment and Compliance

Airstar Bank Limited

Job Responsibilities

  • Provide information security consultancy and perform reviews of new business/IT initiatives and new applications to ensure that security considerations are incorporated into the design of new business/IT initiatives
  • Third-party security management, review and monitoring, including due diligence, contract requirements on information security and ongoing monitoring, to assure that relevant security controls are in place at third-party service providers with access to the Bank’s sensitive and customer data
  • Vulnerability scanning, identification, assessment and management to ensure that vulnerabilities identified in the Bank are properly assessed and mitigated in a timely manner
  • Review compliance with security requirements and standards (e.g. HKMA C-RAF, SWIFT Customer Security Programme CSP, SFC Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading, PCI DSS) to assure that the Bank is in compliance with the relevant security requirements and standards
  • Penetration testing coordination and issue resolution to ensure that vulnerabilities identified are mitigated in a timely manner
  • Staff and customer cyber security awareness education to raise their awareness of emerging security threats and attacks
  • Review firewall rules and network perimeter defense to ensure that effective perimeter defense is in place
  • Develop and maintain security policy and standards to define the security baseline requirements of the Bank
  • Provide security consultancy on secure application development to improve the overall security of our applications

 

Job Requirements

  • At least 5 years of experience in information & cyber security, technology risk, regulatory compliance, risk & control in the banking and finance industry
  • Extensive knowledge of information and cybersecurity principles and best practices
  • Practical experience in conducting information security risk assessments
  • Familiarity with the regulatory environment of the banking and finance industry, such as the HKMA Cyber Resilience Assessment Framework (C-RAF)
  • Experience in performing regulatory compliance assessment and reporting on information and cybersecurity
  • Strong communication and interpersonal skills and the ability to work with stakeholders
  • Business know-how in retail and commercial banking
  • Experience in security control and assessment on cloud platforms is a plus
  • Degree holder majoring in Computer Science or a related field
  • Relevant certification in information security (e.g. CISSP, CISA or CISM)

 

We offer a competitive package to the right candidates. Interested parties, please send your resume with current and expected salary by clicking the "Apply Now" button.

All information provided by applicants will be treated in strict confidence and handled confidentially for recruitment purposes only. Applicants who are not contacted within 8 weeks may consider their application unsuccessful and their data will be destroyed within 12 months.

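More job information
Salary: Negotiable
Job function
  • Banking ‧ Financial Services - Retail Banking
  • Banking ‧ Financial Services - General · Others
Work location
  • Tsim Sha Tsui
  • Yau Tsim Mong District
Employment type
  • Full-time
Education level
  • Bachelor's degree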
