Senior Manager, Information Security

  • Negotiable
  • Hong Kong
  • Permanent, Full time
  • China CITIC Bank International Limited
  • 29 Sep 16

Job Purpose: Ensure IT infrastructure setup and operations are aligned with the Bank’s internal policy and regulatory requirements by implementing IT security solutions.


•   Develop and maintain information security policy, standard and baseline.
•   Support and define IT security framework to guard against security exposure and technology risk.
•   Conduct risk assessments of IT-related initiatives, technology-related outsourcing, e-Banking and public cloud projects during design and implementation to meet the requirements of HKMA, compliance, internal policy and best practices.
•   Ensure system, network and database security complies with established policy, standard and baseline.
•   Manage and handle vulnerability scanning/penetration testing for i-Banking and credit card data related systems to ensure security compliance.
•   Execute and manage cyber security matters.
•   Provide support to the disaster recovery plan.
•   Act as focal point to liaise with auditors regarding IT infrastructure.
•   Provide suggestions and advice on security compliance for IT applications.


•   Degree holder in Information Technology or related discipline
•   Holder of CISSP, CISM or CISA preferred
•   Minimum 5 or 7 years' experience in IT security and technology risk management
•   Knowledge of operating system platforms, such as Windows, Unix, Linux
•   Familiar with network security products, such as Firewall, Router, Switch, IDS/IPS, DDoS, Load-balancer, SSL VPN, End-point protection, DLP and APT solution
•   Familiar with encryption technology and security standards for VDI, Mobility, Cloud, etc.
•   Experience in application security control review is a big advantage.
•   Experience in handling vulnerability/penetration test service provider and PCI-DSS assessor
•   Knowledge of regulatory requirements such as HKMA, MAS, PCI-DSS