Information Security Analyst, IT Security Department (Ref:202627-03)

We offer

• 5-day work week
• Comprehensive medical & dental insurance coverage
• Competitive annual leave package
• Competitive pay and Discretionary bonus
• Staff purchase discount in AEON group
• Friendly working environment with dynamic and talented team members
• Smart and casual attire (Monday to Friday)
• Learning and development opportunities
• Convenient office located near Tsim Sha Tsui MTR station

Responsibilities

• Support regulatory compliance initiatives, compliance reviews, and internal audits to ensure systems, processes, and policies comply with regulatory, Group, and industry requirements, including PCI DSS, J‑SOX, and ISO standards.
• Identify, analyze, and evaluate IT and operational risks using risk assessments, threat modelling, and vulnerability assessment results.
• Prepare risk assessment and compliance status reports for management, clearly highlighting key risks, control gaps, and recommended corrective actions.
• Review and maintain information security policies, standards, SOPs, and related documentation to ensure alignment with regulatory requirements and industry best practices.
• Support compliance‑related projects and new workflow implementations, providing practical input to minimise gaps between business processes and regulatory requirements.
• Plan and deliver security awareness initiatives, including compliance training, phishing simulations, and annual cyber‑attack drills.
• Maintain complete and accurate audit and compliance records, including findings, remediation plans, supporting evidence, and corrective actions. 

Requirements

• Bachelor's Degree in Computer Science, Information Systems, Risk Management or related discipline.
• At least 3 years of experience in technology risk, IT audit, cyber risk or technology controls within financial services.
• Holder of IT security related professional certifications such as CIS, CISA, CISM, CRISC, CISSP, CIS, MCP, NIST, PCI DSS, etc. are an advantage.
• Strong analytical, problem solving and communication skills.
• Familiar with financial industry regulatory requirements is an advantage.
• Good command of both written and spoken English and Chinese (Mandarin and Cantonese).