Develop and maintain Cyber Security strategy
- Assist in developing and maintaining the Cyber Security strategy and program to guard against security exposure and technology risk
- Strengthen internet browsing security controls to minimize cyberattacks and enhance data leakage protection for all users’ migration
- Work closely with various IT teams and TRM to conduct Cyber Security risk assessment, simulated testing and subsequent remediation
- Lead various cybersecurity-related projects, including defining project scope, resource allocation, scheduling and technical implementation
- Develop and maintain information security standards & baselines, and ensure configuration compliance with the established standards & baselines by conducting regular re-certification
- Evaluate, recommend and manage the implementation of all security solutions including but not limited to BYOD, DLP, DDoS, Phishing, APT, Cloud, EDR, Anti-malware, etc.
- Manage and handle vulnerability assessments / penetration testing for iBanking and other critical systems as per request
- Develop / optimize the strategy and practice for privileged ID support, key and eCert management
- Manage and maintain the performance of outsourced security vendors (e.g. SOC)
- Liaise with internal and external audits / reviews on handling the technical response, and ensure the remediation work is satisfactory in terms of timing and quality
- Degree holder in Information Technology or related discipline
- Min 10 years’ experience in IT and/or Information Security/Technology Risk Management, of which at least 5 years with people management authority
- Obtained Core / Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity
- Certification in CISSP, CISA, CISM or another recognized certificate is a must
- ITIL/PMP certification is preferred
- Certification in CEH, GIAC or CCNP would be an added advantage
- Knowledge of various operating system platforms such as Windows, Unix and Linux
- Know how to detect, investigate and resolve cyber attacks, and coordinate with law enforcement bodies or cyber security protection alliances
- Familiar with network security products such as Firewall, Router, Switch, DDoS, IDS/IPS, Load-balancer, SSL VPN, End-point protection, DLP and APT solutions
- Familiar with emerging technologies and security standards for VDI, Mobility, Cloud, etc.
- Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, PCI-DSS, etc.
- Experience in handling vulnerability/penetration test service providers and PCI-DSS assessors
- Possess domain knowledge of retail banking
For more details about career opportunities with the Bank, please visit our website http://www.cncbinternational.com/careers/en/index.jsp. Please apply with full resume stating current and expected salaries.
Personal data collected will be used for recruitment related purposes only. Applicants not invited for interview within 6 weeks may consider their applications unsuccessful. However, applicants may be considered for other suitable positions within the Group for a period of not more than 2 years. Personal data will be destroyed at any time after 3 months.
China CITIC Bank International is committed to being an equal opportunities employer and intends to provide a work environment free of unlawful discrimination or harassment. All employment decisions will be made in a non-discriminatory manner.