15 Information Security jobs in Hong Kong

Join to apply for the Assistant Manager, Information Security Assurance role at The Hong Kong Jockey Club .

Reporting to the Senior Manager, ISA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. This includes designing and implementing a control library to manage cyber risks and developing a control assurance program to test the design and operating effectiveness of controls regularly.

Key responsibilities include conducting information security assurance programs, control testing, red teaming, managing risk assessments, and collaborating with internal and external stakeholders to implement security controls. You will also deliver security projects, ensure robust security measures during system design and operations, coordinate security initiatives, and respond to security incidents to maintain compliance and safeguard assets.

• Assist in establishing the second line of defence (2LOD) technology risk management and security assurance functions.
• Conduct regular assessments and testing of security controls and processes.
• Provide technical advice to ensure compliance with regulations and industry standards.
• Support the selection and review of security solutions, offering design and integration recommendations.
• Implement security initiatives and document processes to adhere to project lifecycles.
• Analyze and report security metrics, trends, and issues to senior management.
• Maintain documentation related to security processes and projects.
• Proactively mitigate network security risks and respond to incidents.
• Guide the configuration and implementation of security controls and frameworks.
• Promote security awareness and foster a risk-conscious culture.
• Support incident management and collaborate with the ERM team to incorporate security risks into the organization’s risk framework.
• Engage with internal audit and third-line functions.

You should have:

• A university degree in Computer Science, IT, Cybersecurity, Engineering, or related fields.
• 3-5 years of experience in information security, risk management, or related areas.
• Hands-on experience with enterprise security infrastructure, risk assessments, and testing.
• Deep knowledge of security principles, risk frameworks, and relevant regulations.
• Familiarity with standards like ISO 27001, NIST.
• Certifications such as CISSP, CISA, CISM, or CRISC are preferred.

Level of appointment will depend on qualifications and experience.

Please send your resume, including expected salary and job reference, by clicking the Apply Now button. We are an equal opportunity employer. Personal data will be handled in accordance with the Club's privacy notice, available upon request.

Direct message the job poster from Kerry Consulting

We are partnering with a Global MNC in the search for a seasoned Global Information Security Manager to enhance and lead their cybersecurity efforts. In this role, you will oversee the development and execution of security strategies, safeguard digital assets and customer data, and ensure robust cybersecurity practices across all business functions.

The ideal candidate will bring deep expertise in cybersecurity, particularly within the retail sector, and have the ability to translate complex security topics into actionable insights for both technical and non-technical audiences.

Key Responsibilities:

• Develop and implement robust cybersecurity policies, standards, and best practices tailored for the retail environment.
• Identify and prioritize security risks across digital platforms, stores, and internal systems, implementing appropriate mitigation strategies.
• Design and maintain secure architectures covering IT infrastructure, POS systems, cloud platforms, and sensitive customer data.
• Lead the development and execution of incident response plans; manage security incidents effectively and ensure timely resolution.
• Conduct regular security assessments including vulnerability scans and penetration tests; oversee remediation activities.
• Partner with cross-functional teams (IT, operations, legal, marketing) to embed security into ongoing business initiatives.
• Ensure compliance with relevant cybersecurity frameworks and regulations (e.g., GDPR, PCI-DSS, NIST, ISO 27001).
• Drive security awareness and training programs for staff on topics such as phishing prevention and best practices.
• Manage external security vendors and service providers to ensure compliance and service quality.
• Define and track key security metrics and KPIs to evaluate program effectiveness and drive continuous improvement.

Requirements:

• Bachelor's degree in Information Security, Computer Science, or a related field (Master's preferred).
• Minimum of 8 years' experience in cybersecurity
• Proven track record in building and managing enterprise-wide security programs and operations.
• Deep expertise in network, cloud, application security, and data protection.
• Hands-on experience with public cloud environments (AWS, Azure, GCP).
• Strong knowledge of regulatory and compliance requirements (PCI-DSS, GDPR, etc.).
• Familiarity with security frameworks such as NIST and ISO 27001.

To Apply:

If you're keen to explore this opportunity, please share your CV or reach out to Chen Yi at for a confidential discussion.

Kindly note that due to the high volume of applications, only shortlisted candidates will be contacted.

Registration No.: R1876389

Licence No.: 16S8060

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Information Services

Referrals increase your chances of interviewing at Kerry Consulting by 2x

Sha Tin District, Hong Kong SAR 6 days ago

Kwun Tong District, Hong Kong SAR 1 month ago

Sha Tin District, Hong Kong SAR 6 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Principal, Information Security role at AIA Hong Kong and Macau

Continue with Google Continue with Google

Join to apply for the Principal, Information Security role at AIA Hong Kong and Macau

Get AI-powered advice on this job and more exclusive features.

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.
To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.
If you believe in developing a better tomorrow, read on.
About The Role
This position plays a significant role in supporting management and Director of Information Security to promote and enhance the maturity of Information and cyber security of the organisation, as well as related business entities. This is to be done through a robust governance, Information security risk management and compliance programmes, coupled with well-planned communications and awareness-raising programmes tailored for different internal and external stakeholders. Therefore, while the individual taking up this role may not need to be an Information Security expert, he or she must be a quick learner who can grasp a wide range of IT/cyber security topics. The individual must also be a great communicator who can convey messages in English and Chinese involving highly technical IT/cyber risk concepts to all levels of staff (for instance, for awareness-raising campaigns) and to strategic stakeholders (such as regulators, auditors and corporate clients) in an efficient and professional manner.
(Daily operation) Regulatory and Information Security Compliance

• Develop and manage the Information security governance framework & risk portfolio, which follows the AIA’s security standards and guidelines.
• Be the subject matter expert to provide advice on regulatory requirements related to information security.
  

• Lead and coordinate internal efforts to support compliance assessment against regulatory requirements and IT audits conducted by internal/external auditors;
• Coordinate inputs and craft accurate and appropriate responses to enquiries coming from regulators and auditors;
  

• Organise regular and frequent activities and develop localised materials to raise the awareness of staff at all levels on various cybersecurity controls and practices, and other topical issues of Information Security.
• Maintain and curate the internal Information Hub for education and sharing.
  

• Lead ad-hoc cross-functional teams on special projects or strategic initiatives relating to Information Security
• Communicate with group offices, business partners, corporate clients, IT vendors and external parties, as and when needed
  

• Degree holder in Computer Science, Information Systems, Business, Finance, Risk Management, or a related discipline.
• Minimum of 10 years of relevant and solid experience in Information Security risk management and control, gained from international financial institutions, professional firms or financial regulators.
• Holder of relevant IT audit professional qualification and/or IT security certificates preferred (such as CISA, CISM, CISSP etc.).
• Solid experience in handling cybersecurity assessments and IT audit-related assignments and familiar with relevant control requirements from different regulatory bodies such as Hong Kong Insurance Authority, Mandatory Provident Fund Schemes Authority, Macau AMCM etc.
• Excellent communication (written and oral) skills, and demonstratable experience as a highly effective facilitator of cross functional teams.
• Excellent leadership and management skills and proven ability to build, manage and foster a team-oriented environment.
• Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative to work creatively and analytically when solving problems.
• You are required to obtain the relevant licence(s) if your job involves regulated activities.
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Insurance

Referrals increase your chances of interviewing at AIA Hong Kong and Macau by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

Eastern District, Hong Kong SAR 1 hour ago

Shenzhen, Guangdong, China CN¥45,000 - CN¥5,000 2 years ago

Shenzhen, Guangdong, China CN 5,000 - CN 0,000 1 year ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Requisition ID: 170911 - Posted: Hong Kong SAR - Shangri-La International Hotel Management Limited - Information Technology - Permanent

Shangri-La Group is a global leader in luxury hospitality with unique Asian heritage.

Headquartered in Hong Kong, we have over 100 hotels and resorts under four brands nested in key cities and beautiful beachfront locations globally. We are expanding rapidly with a strong development pipeline throughout Asia, the Middle East, Europe, and Africa.

As an enviable employer with industry-leading levels of colleague engagement, our people are our priority. Our success is only made possible through the efforts and abilities of over 42,000 colleagues worldwide. The focused investment we make in the learning and development of our colleagues is unparalleled in the global hospitality industry.

We are currently looking for an Assistant Vice President, Information Security to assist the VP, Information Security in managing a small team of specialists overlooking all matters related to information security and data protection for the group.

As the Assistant Vice President, Information Security, we will rely on you to:

• Develop and implement company-wide policies & procedures for information security and data protection.
• Review and improve existing policies & procedures for information security and data protection.
• Work closely with IT teams to maintain a secure operating environment.
• Conduct periodic reviews & audits of IT infrastructure, systems & operations, software applications, vendors, and service providers to ensure compliance with information security policies.
• Conduct periodic reviews & audits of hotel operations to ensure compliance with information security policies.
• Manage PCI-DSS and related compliance certification for the group.
• Manage risk assessment programs targeting information security, data protection, and data privacy matters, and implement risk mitigation plans.
• Ensure group compliance with relevant information security and data privacy legislation and regulations for our hotels.
• Manage our group-wide information security and data protection awareness program.
• Manage the information security budget, ensuring the allocation of resources in alignment with company priorities and security objectives.
• Oversee the daily operations of the information security function, including security monitoring, incident handling, and investigation in collaboration with the Security Operations Centers.
• Provide expert advice on information security aspects of new projects and systems, evaluating risks and recommending appropriate security controls and measures.

We are looking for someone who has:

• Bachelor’s degree holder, preferably in a relevant discipline.
• Minimum 6 years of relevant experience in managing information security functions for a sizable company.
• Hands-on experience in developing and implementing enterprise-level information security policies & procedures, and training.
• Familiar with legal, regulatory, and other compliance requirements, including PCI-DSS.
• Familiarity with risk management methodologies.
• Excellent planning, organizing, interpersonal, and communication skills.
• Excellent communication skills in English. Fluency in Chinese (Mandarin) will be desirable.
• Professional certification such as CISSP, CISM, CISA, GIAC, or equivalent will be highly desirable.
• Familiarity with ISO/IEC 27001, NIST, or equivalent will be highly desirable.

2 days ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from PFCC Group

The Assistant Manager will oversee the operational effectiveness of the firms cybersecurity tools and lead strategic initiatives to enhance infrastructure security. This role involves managing a team of analysts, coordinating with IT and business units, and ensuring compliance with security policies and standards.

Experience in implementing, suppoting and incident handling/escalation with tools such as Forcepoint, Qualys, CyberArk & Symantec.

The successful candidate will have experience with senior level stakeholder engagement, leading a team of Analysts, managing vendors, and handling incidents in a competent and professional manner.

In essence: This role demands a technically proficient security professional who can ensure robust daily operations of critical security tools, drive strategic improvements, manage a team and stakeholders effectively, and maintain strict compliance – all within complex cloud/hybrid environments. Senior-level engagement and incident competence are crucial.

Key Responsibilities:

• Team & Operations Management: Oversee daily security tooling operations (Forcepoint, Qualys, CyberArk, Symantec), ensuring high availability & performance. Manage a team of analysts.
• Strategy & Projects: Plan and execute security tool upgrades/new implementations. Lead strategic initiatives to enhance infrastructure security.
• Stakeholder & Vendor Management: Coordinate closely with IT, business units, and vendors. Ensure alignment with organizational goals.
• Compliance & Governance: Ensure adherence to ITIL processes, corporate security policies, and compliance frameworks. Lead internal audits & risk assessments, reporting findings to senior management.
• Incident & Security Management: Oversee incident response and resolution. Review firewall/access control changes.
• Team Development: Train, mentor, and develop team capabilities.

Critical Experience Required:

• 6+ years in Information Security , including team leadership .
• Proven hands-on experience: Implementing, supporting, and handling incidents/escalations for key tools (Forcepoint, Qualys, CyberArk, Symantec ).
• Operational Expertise: Managing security tools/infrastructure in cloud/hybrid environments .
• Process & Compliance: Strong understanding of ITIL, risk management, and compliance frameworks .
• Stakeholder Engagement: Experience engaging senior stakeholders competently and professionally.
• Leadership: Strong leadership, coaching, and team management skills.
• Technical Acumen: Strategic thinker with hands-on technical expertise in security infrastructure.
• Communication: Excellent communication and stakeholder management abilities.
• Change Management: Ability to drive change and foster continuous improvement.
• Incident Handling: Competence in managing security incidents.

Education & Credentials:

• Essential: Bachelor’s degree in Computer Science or related field.
• Highly Preferred: Advanced certifications (CISSP, CISM, PMP).

Performance Measured By (KPIs):

• Team performance & SLA adherence.
• Successful delivery of security projects.

• Seniority level Not Applicable

• Employment type Full-time

• Job function Information Technology
• Industries Business Consulting and Services, Financial Services, and Hospitality

Referrals increase your chances of interviewing at PFCC Group by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Head of Information Security - APAC role at BSI

Join to apply for the Head of Information Security - APAC role at BSI

Get AI-powered advice on this job and more exclusive features.

Great that you're thinking about a career with BSI!
Head of Information Security – APAC
Hong Kong OR Kuala Lumpur – Hybrid
About The Role
As the Head of Information Security for our APAC region, you be the business facing part of the information security team within the region. You will work to partner and engage with the business to provide consultancy, support, guidance and advice on all Information Security matters. You will also help support projects and programmes relating to the region and any changes required.
Responsibilities

• Support the implementation of global policies, strategies, processes, standards, procedures, roles and controls within the region.
• Act as regional contact for all IT Security related incidents, providing support the IT Security Operations team, IT Infrastructure teams and local business to resolve the incident quickly.
• Investigate and report on hazards, potential risk events within a specific function or business area and carry out risk assessments as directed.
• Take responsibility for understanding client requirements, collecting data, delivering analysis and problem resolution in relation to information security.
• Review compliance to information security policies and standards, taking legal and regulatory requirements into consideration.
• Ensuring security controls are reviewed, implemented and maintained where appropriate.
• Provide authoritative advice and guidance on security strategies to manage identified risk and ensure adoption.
• Continue to develop and maintain knowledge within technical specialism, and keep up to date with technical specialism across BSI, industries and appropriate professional and trade bodies.
  

• Previous experience working in a multi-national, matrix style organisation.
• Demonstrable experience working with teams across multiple time-zones.
• High levels of risk management experience (quantify, assess, document and manage).
• Experience of working with/for businesses in China.
• Great understanding of PIPL.
• Fluent language skills in Cantonese and/or Mandarin.
• English language skills both written and verbal to business conversation level.
  

• Previous hands on technical background.
• An understanding of both highly regulated and lesser regulated industries.
• Previous experience of training within the Information Security sector.
• Experience and or interest in AI.
• Network security skills.
• Security architecture experience.
  

• Seniority level Executive

• Employment type Full-time

• Job function Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at BSI by 2x

Get notified about new Head of Information Security jobs in Hong Kong SAR .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Head of Information Security role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established insurance firm, recognized as a large organization in the industry. Operating in a competitive and fast-paced environment, they are heavily focused on technological innovation and security. Their commitment to maintaining the highest standards of information security is one of their top priorities.

As a Head of Information Security , your main responsibilities will include:

• Defining and implementing the company's information security strategy and roadmap.
• Developing and maintaining the ISMS based on ISO 27001.
• Conducting regular information security risk assessments.
• Ensuring compliance with regulatory requirements related to information security.
• Managing the information security incident response process.
• Providing information security training and awareness to all staff.
• Working closely with the IT department to ensure the security of the IT infrastructure.
• Reporting to management on information security status and initiatives.

A Successful 'Head Of Information Security' Should Have

• A degree in Information Technology, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, or CISA.
• Proven experience in developing and managing ISMS based on ISO 27001.
• Strong knowledge of information security principles and practices.
• Ability to conduct information security risk assessments and audits.
• Experience in managing information security incidents.
• Strong communication and leadership skills.

• A competitive salary range of around HKD 1,080,000 to HKD 1,200,000.
• Standard benefits package including health insurance and retirement plans.
• Opportunity to work in a technologically advanced environment.
• A supportive and collaborative work culture.

We are looking for an ambitious and dedicated professional to join our team in this critical role. If you have the necessary skills and experience, we would love to hear from you. Apply today to secure your future in a highly rewarding career in the insurance industry.

Contact: Alexis Wee

Quote job ref: JN-052025-6742521

• Director

• Full-time

• Information Technology and Engineering

• Insurance, Financial Services, and Capital Markets

Direct message the job poster from Dah Sing Bank

Lead the Information Security Section to ensure adequate and effective controls are in place

Main Responsibilities:

Responsible for the following functions across all entities in the Group and ensure the effectiveness:-

• Report to the Group Chief Operating Officer & Group Head of Information Technology.
• Define security infrastructure strategy and refreshment roadmap.
• Continuous research and introduce new security measures to the Bank that scope with the changing security risk profile.
• To define, review and revise information security policies, standards and guidelines including outsourcing service provider.
• To keep abreast with information security policies, standards and guidelines and to implement it to ensure high levels of integrity, confidentiality and availability of IT resources within the Bank.
• To keep abreast of the latest attack methodologies. Stay ahead of the curve on the latest forensic and incident response methodologies.
• To provide support for investigation of any technology-related frauds and incidents.
• To help protect against web threats that facilitate cybercrime, including malware, phishing, viruses, denial-of-service attacks, information warfare and hacking.
• Reviewing, evaluating and endorsing non-compliance with information security policies.
• Act as focal point for internal, external audit and regulator inspection over information security matters.
• Manages the security infrastructure to ensure adequate, reliable and cost effective resources are employed.
• Detect, identify and monitor security vulnerabilities of the entire infrastructure.
• Contributes to annual strategic plans and operating budgets; monitors throughout the year to ensure adherence to strategic goals, appropriate expenditure of funds, and timely processing of expenses.
• Review and endorse security design of IT solutions.
• To ensure awareness of, and compliance with, the information security policies and standards,
• Sets goals, assigns, and directs staff activities; provides guidance and training; reviews and evaluates staff work and prepares performance appraisals; confers with employees to develop career plans and address development needs; contributes to salary planning and financial planning processes.
• Establishes staffing requirements for section and carries out human resources responsibilities such as: defining job responsibilities; making selection, promotion, termination decisions; setting performance objectives and conducting performance appraisals; and participates in salary planning.
• At least 15 years of relevant experience in banking IT field; with over 10 years in technology risk and/or information security area and 5 years or above in managerial role.
• University graduate in Computer Science / Information Technology or equivalent.
• One or more certificates listed below:
• ISC2 Certified Information Security Professional (CISSP)
• ISACA Certified Information System Auditor (CISA)
• ISACA Certified Information Security Manager (CISM)
• ISC2 Certified Cloud Security Professional (CCSP)
• Sound knowledge in Public Key Infrastructure (PKI), Internet vulnerability, cybersecurity, firewalls, Intrusion Detection/Prevention System and application security of finance/banking systems.
• Solid experience in regulators’ requirement on technology risk management including the Supervisory Policy Manual of HKMA, Personal Data Privacy Ordinance, PCI Data Security Standard, SFC guidelines and Customer Security Controls Framework of SWIFT
• Strong communication skill, both in Chinese and English.
• Able to drive changes and strong execution ability.
• Mature and able to work independently under pressure

• Seniority level Director

• Employment type Full-time

• Job function Information Technology
• Industries Banking

Referrals increase your chances of interviewing at Dah Sing Bank by 2x

Get notified about new Head of Information Security jobs in Hong Kong, Hong Kong SAR .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Assistant Manager, Information Security page is loaded

SUMMARY:

The Assistant Manager will oversee the operational effectiveness of Melco’s cybersecurity tools and lead strategic initiatives to enhance infrastructure security. This role involves managing a team of analysts, coordinating with IT and business units, and ensuring compliance with security policies and standards.

PRIMARY RESPONSIBILITIES:

• Manage day-to-day operations of the security tooling team, ensuring high availability and performance of security systems.

• Lead planning and execution of security tooling upgrades and new implementations.

• Coordinate with IT and business stakeholders to align security controls with organizational goals.

• Ensure compliance with ITIL processes and corporate security policies.

• Oversee incident response and ensure timely resolution of security events.

• Review firewall and access control changes.

• Lead internal audits and risk assessments, presenting findings to senior management.

• Develop team capabilities through training and mentoring.

KEY PERFORMANCE INDICATORS:

Team performance and SLA adherence.

Successful delivery of security projects.

Audit and compliance outcomes.

Stakeholder satisfaction and collaboration effectiveness.

REQUIREMENTS:

Skills / Competencies

• 6+ years of experience in information security, including team leadership.

• Proven experience managing security tools and infrastructure.

• Strong understanding of ITIL, risk management, and compliance frameworks.

• Experience with cloud and hybrid environments.

Education

• Bachelor’s degree in Computer Science or related field; advanced certifications (e.g., CISSP, CISM, PMP) preferred.

PERSONAL COMPETENCIES:

• Strong leadership and coaching skills.

• Excellent communication and stakeholder management.

• Strategic thinker with hands-on technical expertise.

• Ability to drive change and foster a culture of continuous improvement.

Through the implementation of innovative products and services and by working hand-in-hand with globally renowned brands, Melco intends to offer the best entertainment experience that aims to appeal to a broad spectrum of customers and thereby become the leader of gaming industry in the region. In this endeavor, we have a number of projects currently underway or planned.