Manager, Information Security

Job Purpose:
Assist Head of Information Security to ensure adequate and effective controls are in place.

Main Responsibilities:

• Support security tools including network firewall, DLP, SIEM, vulnerability scanning, micro-segmentation
• Review the firewall rule change requests; conduct the modification or reject if the request may expose the Group to unacceptable risk
• Act as project manager role on information security projects
• Provide technical guidance to systems and network team regarding security configurations
• Analyse cybersecurity incidents and make recommendations on remedial actions.
• Define and design adequate security controls to maintain secure control environment.
• Conduct regular security assessment on systems, network and IT infrastructure
• Provide security advisory service to stakeholders on new initiatives and development projects.
• Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill in regular basis.
• Monitor and govern external service providers, including both outsourcing service providers and connected third parties, to deliver the services as per the Group’s security requirements.

Incumbent Requirements:

• Minimum 6 years of relevant work experience in technology risk, information security and cybersecurity
• University graduate in Computer Science / Information Technology or equivalent.
• One or more certificates listed below:
  • ISC2 Certified Information Security Professional (CISSP)
  • ISACA Certified Information System Auditor (CISA)
  • ISACA Certified Information Security Manager (CISM)
  • ISC2 Certified Cloud Security Professional (CCSP)
• Good knowledge in cybersecurity, Intrusion Detection/Prevention System and application security of finance/banking systems, in particular hands on experience in firewall management
• Experience in regulators’ requirement on technology risk management including the
• Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls
• Framework of SWIFT
• Strong information security sense in relation to business requirements
• Mature, independent and able to deliver quality results under tight schedule