To support and oversee the 1st line of defense function of IT Security operations for the Bank. In addition, this role will assist 2nd line on the development, implementation and maintenance of the bank’s cyber security control framework.
- Supervise day to day IT security operations including user access management, security monitoring, cyber threat intelligence collection, analysis, investigation, escalation and reporting, etc.
- Support and maintain IT Security systems covering Anti-DDoS, Anti-Malware, IPS, PAM, and DBF, etc.
- Conduct IT security control assessment/review on new technology projects, system upgrade, or incident follow up.
- Develop and maintain information security documents, guidelines and control baselines, etc.
- Coordinate for internal/external audit and risk assessment, etc.
- Contribute on BCP plan and design, supervise and manage the execution of drill exercises, etc.
- Perform other IT Security related duties and/or special projects as assigned
- Degree holder in Information Technology, Computer Science or related disciplines.
- At least 10 year working experience in information security gained from bank or FI.
- Extensive knowledge of network technologies, TCP/IP, network security, cyber security, privileged identity management and various encryption methodologies.
- Hands-on experience in security solutions such as: Firewall, NIPS/NIDS, WAF, Anti-malware, PAM, etc.
- Solid experience in IT security audit or compliance (such as security risk assessment and security audit, C-RAF).
- Holding valid certification in IT security management is preferable (e.g. CISSP, CISA, CISM, ITIL v3, or equivalent).
- Understanding of technology risk frameworks (i.e. HKMA TM-G-1, C-RAF, SWIFT CSP) is a plus.
To apply, please submit your CV with information of your current & expected salary and availability. Applicants who are not contacted within one month may consider their applications for the specified position unsuccessful.
All information provided by applicants will be used only for recruitment purposes and will be used strictly in accordance with the Bank's personal data policies, a copy of which may be obtained by the applicant upon request. Unless otherwise instructed in writing by the applicant concerned, applicants may be considered for other suitable positions within the Bank. The personal data of unsuccessful job applicants may be retained for a maximum of two years from the date when the job application is rejected and such data may be retained for a longer period if there is a subsisting reason that obliges the Bank to do so, after which the personal data will be destroyed.