Human Resources Officer, Business Partner
Maintains information and cyber security standard & baseline
- Maintains information and cyber security standard & baseline
- Assists to defines IT security framework to guard against Cyber security exposure and technology risk
- Manages the implementation of policy or intelligence based security solution for End Point Protection, DLP, APT, Application White-listing, etc per C-RAF requirement
- Assists to drive cybersecurity related projects including scope definition, vendor coordination, scheduling and technical implementation.
- Drives the continuous improvement in SIEM correlation and used cases
- Assists to develop Security Operation Center (SOC) and establish KPI to formalize the measurement of degree of attack and our defense ability
- Make use of automation tool to ensure the platform and network security in compliance with the established standard and baseline
- Conduct security risk assessment for application, infrastructure and adoption of new technologies
- Liaises with internal and external parties / audits on handling the technical response to the audit review and assessment initiated
- Reviews exception events/logs from in-house security platforms as well as from market intelligence
- Provides security advice to internal users
- Knowledge on various platforms’ operation system e.g. Windows, Unix, Linux.
- Familiar with network security products such as Firewall, IDS/IPS, WAF, DDoS, VPN, End-point protection, Anti-phishing, DLP, APT and SIEM solution.
- Familiar with the encryption technology and hardware security module
- Knowledge on regulatory requirements such as HKMA, MAS, PCI-DSS and etc.
- Experience in handling vulnerability/penetration test service provider, PCI-DSS assessor, Cyber-attack simulation agency.
- Degree holder in Information Technology or relevant discipline.
- 7+ years’ experience in IT in which at least 4 years are IT or Network Security relevant
- Obtained Core / Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity
- Certified in CISSP, CISA, CISM or other recognized certificate is a must
- Certification in CEH, GIAC, CCNP would be an added advantage