Responsibilities:
Maintain and follow the regulatory requirements on security, such as the HKMA Cybersecurity Fortification Initiatives (CFI) requirements, so as to widen the Bank's security protection perspectives
Align the Bank's internal policies, standards, guidelines, procedures and other IT governance frameworks with external regulatory compliance requirements (such as HKMA SPM, Cybersecurity CFI, SFC, etc.) and industry best practice regarding information technology, according to the Bank's environment and needs
Communicate security objectives and requirements clearly to stakeholders, users and the Headquarters
Conduct security assessments on various platforms, including web applications, networks, and cloud environments
Lead and perform vulnerability assessment of the Bank's IT systems
Lead and perform system and network configuration hardening reviews to ensure the system and network security of the Bank
Study, evaluate and implement information or cyber security solutions for cyber security protection
Provide technical support and administration for the Bank's security-related systems
Manage reported security-related matters and report their status, resolutions and remediation actions to the security team leader
Perform daily security monitoring on the Bank’s IT systems
Study, evaluate and implement data classification and security measurement and protection solutions
Requirements:
Degree holder in Computer Science or Engineering or related disciplines
CISA / CISM / CISSP or equivalent is preferred
Qualification in ECF is preferred
Minimum 5 years of relevant working experience in IT Security, Information Security or IT Audit
Solid experience in information / cyber security controls and reviews to ensure adequate controls and adherence to the Bank's Security Policies and Standards
Solid experience and understanding of regulatory requirements such as HKMA SPM, Cybersecurity Fortification Initiatives (CFI), SFC, PCI-DSS, etc.
Strong analytical, problem-solving, and decision-making skills
Experience and understanding of cyber security principles and information security risk management and controls
Familiar with security practices for patch management, key / certificate management, privileged account management, vulnerability scanning, software / application whitelisting, APT protection and system hardening
Proficiency with security technologies such as SIEM, IDS/IPS, EDR, firewalls, and threat intelligence platforms
Knowledge of the security features of firewalls, routers, switches, IPS/IDS, APT, VPN, databases, and Windows / Linux / AIX platforms
Understanding of banking systems and applications is preferred
Good command of written and spoken English and Putonghua
Salary | Negotiable |
Posted 1 day ago