What Jobs are available for Data Compliance in Hong Kong?

The Asia Data Office (ADO) is a team of data professionals dedicated to enabling data as a strategic asset to drive business outcomes across Asia and the broader Asia segment. The team comprises Data Analysts, Architects, Engineers, and Business Intelligence professionals focused on delivering high-quality, accessible data for use cases spanning Business Intelligence, Digital Applications, and Advanced Analytics.

We are seeking a highly skilled and experienced Associate Director, Data Security and Compliance to spearhead the development and enforcement of access management frameworks and data risk policies across multiple data lakes in Asia, while ensuring alignment with global standards. This role is critical in maintaining regulatory compliance across ten markets and managing key data risks within the Asia Data Office.

Position Responsibilities
Access Management

• Framework Development: Design, implement, and maintain robust access management frameworks and policies to ensure secure and efficient data access across Asia's data lakes.
• Policy Integration: Collaborate with global teams to align regional access policies with global standards.
• Access Controls: Regularly monitor and audit access controls to ensure compliance with internal policies and security protocols.
• User Access Management: Oversee role-based access provisioning, ensuring appropriate access levels based on responsibilities.
• Technology Enablement: Partner with IT and architecture teams to implement tools and technologies that support access governance.

Data Governance

• Governance Oversight: Ensure effective governance of data access, maintaining data integrity, security, and availability.
• Quality Initiatives: Lead efforts to standardize and harmonize data access processes across the region.
• Policy Enforcement: Ensure adherence to data governance policies by all stakeholders.

Regulatory Compliance

• Compliance Monitoring: Track and ensure compliance with data access regulations across ten markets, adapting policies as needed.
• Regulatory Liaison: Work closely with legal and compliance teams to meet local and international regulatory requirements.
• Documentation: Maintain clear and comprehensive documentation of access policies and procedures.

Data Risk Management

• Risk Identification & Mitigation: Identify, assess, and mitigate data privacy and security risks. Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
• Risk Execution: Own and execute Information Risk Assessments (IRAs) for the Asia Data Office.
• Audit & Compliance: Conduct regular audits to ensure ongoing compliance with privacy and security laws. Implement corrective actions as necessary.
• Incident Response: Lead response efforts for data breach incidents, including investigation, reporting, and remediation.
• Reporting: Provide regular updates on data risk status and mitigation strategies to the Asia Chief Data Officer and senior leadership.
• Training & Awareness: Develop and deliver training programs to promote a culture of privacy and data security awareness.

Coordination & Collaboration

• Cross-Functional Engagement: Collaborate with IT, legal, compliance, architecture, engineering, and business teams to ensure cohesive access management.
• Culture Building: Promote data stewardship and accountability across the organization.
• Solution Design: Work closely with solution and data architects to design access management solutions aligned with business and regulatory needs.

Required Qualifications

• Bachelor's or Master's degree in Information Technology, Data Science, Business Administration, or a related field.
• 8–10 years of experience in access management, data governance, or risk management.
• Experience in a multinational organization with a focus on Asia.
• Professional certifications such as CIPP, CRISC, or CDMP.
• Strong knowledge of access frameworks, governance policies, and regulatory compliance.
• Proficiency in technologies such as SQL, Oracle RDBMS, Microsoft Synapse, Azure Data Lake Storage (ADLS), Azure Data Factory, Cosmos DB, and Databricks.
• Foundational understanding of emerging technologies like Generative AI and OpenAI.
• Demonstrated experience in managing data risks and implementing mitigation strategies.
• Excellent leadership, communication, and stakeholder management skills.
• Ability to thrive in a fast-paced, dynamic environment with multiple priorities.

When You Join Our Team

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

About Manulife And John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit

Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact

Working Arrangement
Hybrid

Job Purpose:

Assist Head of Information Security to ensure adequate and effective controls are in place.

Main Responsibilities:

• Support security tools including network firewall, DLP, SIEM, vulnerability scanning,
• micro-segmentation
• Review the firewall rule change requests; conduct the modification or reject if the request
• may expose the Group to unacceptable risk
• Act as project manager role on information security projects
• Provide technical guidance to systems and network team regarding security configurations
• Analyse cybersecurity incidents and make recommendations on remedial actions.
• Define and design adequate security controls to maintain secure control environment.
• Conduct regular security assessment on systems, network and IT infrastructure
• Provide security advisory service to stakeholders on new initiatives and development
• projects.
• Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill
• in regular basis.
• Monitor and govern external service providers, including both outsourcing service
• providers and connected third parties, to deliver the services as per the Group's security
• requirements.

Incumbent Requirements:

• Minimum 6 years of relevant work experience in technology risk, information security
• and cybersecurity
• University graduate in Computer Science / Information Technology or equivalent.

• One or more certificates listed below:

• ISC2 Certified Information Security Professional (CISSP)

• ISACA Certified Information System Auditor (CISA)
• ISACA Certified Information Security Manager (CISM)
• ISC2 Certified Cloud Security Professional (CCSP)
• Good knowledge in cybersecurity, Intrusion Detection/Prevention System and
• application security of finance/banking systems, in particular hands on experience in
• firewall management
• Experience in regulators' requirement on technology risk management including the
• Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls
• Framework of SWIFT
• Strong information security sense in relation to business requirements
• Mature, independent and able to deliver quality results under tight schedule

Please note that only shortlisted candidates will be notified.

Job Purpose:

Assist Head of Information Security to ensure adequate and effective controls are in place.

Main Responsibilities:

• Support security tools including network firewall, DLP, SIEM, vulnerability scanning, micro-segmentation;
• Review the firewall rule change requests; conduct the modification or reject if the request may expose the Group to unacceptable risk;
• Act as project manager role on information security projects;
• Provide technical guidance to systems and network team regarding security configurations;
• Analyse cybersecurity incidents and make recommendations on remedial actions;
• Define and design adequate security controls to maintain secure control environment;
• Conduct regular security assessment on systems, network and IT infrastructure;
• Provide security advisory service to stakeholders on new initiatives and development projects;
• Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill in regular basis;
• Monitor and govern external service providers, including both outsourcing service providers and connected third parties, to deliver the services as per the Group's security requirements.

Incumbent Requirements:

• Minimum 6 years of relevant work experience in technology risk, information security and cybersecurity;
• University graduate in Computer Science / Information Technology or equivalent;

• One or more certificates listed below:

• ISC2 Certified Information Security Professional (CISSP)

• ISACA Certified Information System Auditor (CISA)

• ISACA Certified Information Security Manager (CISM)

• ISC2 Certified Cloud Security Professional (CCSP)

• Good knowledge in cybersecurity, Intrusion Detection/Prevention System and application security of finance/banking systems, in particular hands on experience in firewall management;

• Experience in regulators' requirement on technology risk management including the Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls Framework of SWIFT;
• Strong information security sense in relation to business requirements;
• Mature, independent and able to deliver quality results under tight schedule.

Please note that only shortlisted candidates will be notified.

Position Overview

We are seeking an experienced and strategically minded Information Security Officer to join our organization. In this role, you will be the key architect and executor of the company's information security strategy, responsible for building, maintaining, and continuously optimizing our information security framework.

Your work will play a critical role in protecting our core trading systems, sensitive client data, and essential business infrastructure—ensuring that our operations remain secure, stable, and compliant with global financial regulatory standards.

Key Responsibilities

Strategy and Governance

• Develop, implement, and continuously refine the company's overall information security strategy, roadmap, and policy framework.
• Report the organization's security posture, major risks, and governance updates to senior management and the board of directors.
• Establish and promote a strong information security culture across the organization through comprehensive training and awareness programs.

Compliance and Risk Management

• Lead and ensure compliance with all applicable financial industry laws, regulations, and supervisory requirements (including CSRC, Cybersecurity Law, Data Security Law, Personal Information Protection Law, GDPR, etc.).
• Oversee internal and external security audits and compliance reviews and ensure timely remediation of audit findings.
• Conduct regular information security risk assessments to identify threats and vulnerabilities affecting trading platforms, client data, and company assets, and drive the implementation of risk mitigation measures.

Technical Security and Defence

• Supervise the implementation and operation of security controls across network, system, application, and data layers—including but not limited to firewalls, IDS/IPS, SIEM, WAF, and endpoint protection.
• Ensure the confidentiality, integrity, and availability of the production trading environment.
• Manage security relationships with cloud service providers (such as Azure) and third-party partners, including security posture assessments.

Security Operations and Incident Response

• Lead the Security Operations Centre (SOC) team in monitoring, analyzing, and responding to security incidents.
• Develop and maintain a comprehensive incident response plan and organize regular simulation exercises.
• Serve as the overall incident commander during actual security events, ensuring effective containment, eradication, and recovery.
• Oversee the vulnerability management process, coordinating with technical teams on scanning, assessment, prioritization, and remediation.

Data Security and Privacy Protection

• Design and implement data classification and protection programs, including DLP, encryption, and access control policies.
• Ensure the full lifecycle protection of sensitive data such as client transaction data and personally identifiable information (PII).

Qualifications

Basic Requirements

• Bachelor's degree or above in Computer Science, Information Security, or a related field.
• Over 8 years of experience in information security, with at least 3 years in a managerial or equivalent role within the financial industry (especially securities, futures, or trading platforms).
• Holder of internationally recognized security certifications such as CISSP, CISM, or CISA.

Knowledge and Skills

• Financial Industry Compliance Expertise: Deep understanding of cybersecurity and IT governance requirements set by domestic and international financial regulators.
• Strong Technical Foundation: Proficient in network security architecture, operating system security (Linux/Windows), database security, and application security. Familiarity with trading system technology stacks is a strong plus.
• Hands-on Security Experience: Extensive experience in security incident investigation, incident response, and threat hunting; well-versed in common attack techniques and defense strategies.
• Leadership and Communication: Excellent leadership, communication, and coordination skills; capable of leading cross-functional collaboration with technology, business, risk, and compliance teams.
• Strategic Thinking: Ability to align business objectives with security goals and develop practical, effective security strategies.

We Offer

• Highly competitive compensation package and performance-based bonuses.
• The opportunity to play a key leadership role in shaping cybersecurity at the forefront of the fintech industry.
• A professional, open, and intellectually challenging work environment.
• Comprehensive benefits and a structured career development pathway.

工作類型: 全職

薪酬: 最多每月 $60,000.00

Work Location: 親身到場

Job Purpose

You will be responsible for carrying out information security functions and activities for the Technology function.

Responsibilities

• Protect the confidentiality, integrity and availability of all assets and systems through monitoring, detection, and analysis activities
• Review and assess information security requests to determine compliance with organizational policies and standards.
• Prepare and present cybersecurity-related reports, highlighting risks, incidents, and remediation efforts.
• Facilitate the annual recertification process for user access and security controls.
• Collaborate with IT teams to implement security measures, and remediate the audit findings
• Participate in and manage security-related projects to enhance overall security posture.
• Support Information security team to develop and implement security policies, procedures and guidelines
• Validate information security controls effectiveness and agreed deliverables to assure security standards/plans are achieved.
• Review the current IT Security solution and Security Policy to identify potential gaps within the organisation
• Undertake monitoring of security controls and policy adherence in line with Bupa policies based on ISO27001 and NIST Cybersecurity
• Monitor the security controls for security breaches and investigate violations
• Conduct risk and vulnerability assessment at the network, system and application level, and assess resulting impact on risk

Qualifications, Training and Experience

• Relevant Bachelor's/Master's degree holder from a recognized university
• 3-5 years of relevant work experience on managing security technologies
• Work experience in cloud security solution experience (Wiz preferred)
• Work experience in web proxy / SASE solutions (Palo Alto Prisma SASE preferred)
• Work experience cloud platforms (Azure, GCP preferred)
• Experience in managing security solutions, such as Wiz, Palo Alto Prisma, Zscaler, MS Defender, Imperva, Cloudfare
• Scripting skills, such as Terraforms, MS PowerShell, Python
• Good communication skills and the ability to collaborate well with across departments
• Able to demonstrate a positive, logical, and proactive approach while executing the assigned tasks
• Certification holder in information security (CISSP, CISA, etc.) will be an advantage.
• Ability to prioritize work and design schedules to meet the desired requirements

Bupa offers 5 days' work per week and comprehensive remuneration packages including base salary, study assistance plan, company pension plan, life and medical benefit, dental benefit, annual leave, examination leave, etc.

Bupa is an equal opportunity employer and welcomes applications from qualified candidates. Information provided will be treated in strict confidence and only be used for consideration of application with Bupa.

Personal data collected will be used for recruitment purposes only. Bupa will be in touch for any opportunities that matches your profile. All personal data of unsuccessful application will be destroyed 24 months from the date of receiving the application. Full version of Data Privacy Notice available upon request.

Develops and leads one or more of the following highly technical and specialized areas within information security: Security Engineering, Security Architecture, Forensics Analysis, Threat Analysis, Threat Hunting and Penetration Testing. Manages the development, deployment and execution of enterprise security controls and defenses. Monitors, analyzes and exploits system vulnerabilities to detect potential threats. Executes containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence. Determines risk and exposure from security breaches and resolves incidents while providing guidance to business decision-makers.

• Tracks and supports the delivery of information security solutions. Manages the tactical activities of installing and configuring of security systems, software and applications. Coordinates responses to intrusions and provide remediation guidance and support.
• Coordinates resources on highly complex development projects including approval of design specifications and scope. Provides input to short-term security technology roadmaps regarding applicability of new technologies. Disseminates updates to InfoSec Architectural policies, standards and guidelines to team members.
• Reviews forensic investigations and analysis of reported cyber incidents to evaluate root cause vectors and necessary control measures needed to prevent future occurrence. Implements appropriate countermeasures to recover deleted, hidden or lost user data.
• Coordinates research and analysis of threat actor profiles and associated indicators to detect potential threats. Implements recommended actions and security tools to identify, monitor and mitigate attacks. Coordinates with external security organizations to exchange threat intelligence.
• Coordinates complex threat assessment to evaluate incident impact and risk exposure. Reviews cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies), and draws conclusions on possible implications or applicability. Guides the threat intelligence collection process to enhance analytical capabilities.
• Manages execution of penetration testing activities on core systems. Articulates the outcome of stimulated attacks and underlying security issues or system weaknesses. Recommends and institutes remediation techniques or improvements to protect and maintain security frameworks and controls.
• Supports the evaluation and selection of security applications and systems. Manages the implementation of access control defenses. Provides quality review on the evaluation and documentation of team procedures. Manages development, deployment and support activities for multiple critical security technologies to include problem resolution and management, application maintenance, project requests and system enhancements.
• Not an exhaustive list; other duties as assigned.

Minimum Qualifications

• Bachelor's Degree. Relevant Experience or Degree in: Information Security or Computer Science preferred. Other majors will be considered.
• Typically a minimum of 6 years experience.
• related professional experience and prefer a minimum of 1-2 years experience in a supervisory position.
• One or more of the following-CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, CGEIT, Certified Forensic Computer Examiner (CFCE), Certified Cyber Threat Analyst (CCTA), Certified Computer Examiner (CCE)

Preferred Qualifications

• Prior payment or technology industry experience is preferred.
• Master's Degree in a related field of study from an accredited university.

*Purpose of the Job *
The Information Security Manager will be responsible for developing and implementing information security strategies, policies, and procedures to protect our organization from cyber threats and ensure compliance with relevant regulations. He/she will work closely with information security service partners to protect our company from any form of information security and data breach.

Responsibilities

• Develop and implement information security strategies, policies, and procedures that align with the organization's business objectives and regulatory requirements.
• Monitor internal and external policy compliance. He/she will ensure both our vendors and employees understand our cybersecurity risk management policies operate within that framework.
• Design and implement security controls to protect data and systems from unauthorized access, modification, or destruction.
• Work with security vendors to conduct regular risk assessments and vulnerability assessments to identify potential threats and vulnerabilities in the organization's systems, networks, and applications.
• Implement and oversee technological upgrades, improvements and major changes to the information security environment.
• Oversee information security audits, whether by performed by organization or third-party personnel.
• Serve as a focal point of contact for the information security team and the customer or organization.
• Communicate information security goals and new programs effectively with other department managers within the organization.
• Plan and execute security awareness and training programs to promote a culture of security awareness across the organization.
• Manage security incidents and investigations, including identifying, containing, and resolving security incidents in a timely and effective manner.
• Collaborate with internal stakeholders to ensure compliance with relevant laws, regulations, and industry standards.
• Maintain up-to-date knowledge of the latest trends, technologies, and best practices in information security.
• Leverage Global/Regional best practices and security solutions.
• Develop and manage security budgets, contracts, and vendor relationships.

Requirements

• Bachelor's degree in Computer Science, Information Technology, or related field.
• At least 5 years of experience in information security management.
• Strong knowledge of security frameworks, standards, and regulations (e.g., ISO 27001, NIST CSF, GDPR, HIPAA).
• Experience with vulnerability assessment tools, penetration testing tools, and security incident response tools.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with internal and external stakeholders.
• Strong analytical and problem-solving skills.
• Relevant certifications such as CISSP, CISM, or CISA are preferred.
• Strong oral, verbal and written communication skills in English, Cantonese & Mandarin

Job Responsibilities:

• Responsible for managing information security and infrastructure systems to ensure the smooth operation of all enterprise systems and network
• Support day-to-day monitoring and control of information security program, systems, configuration, patching and backup
• Assist in conducting risk assessment and information security review of internal operations, vulnerability assessments and tests for enterprise continuous improvement
• Assist in developing and continuously improve the information security issues and resolve the audit findings
• Coordinate implementation and validation of information security controls
• Monitor and assess information security violations incidents and responses
• Troubleshooting and provide technical support for information security solutions
• Assist in preparing training materials to promote information security awareness across the enterprise
• Maintain up-to-date inventory on infrastructure equipment and software
• Perform other duties as assigned by the supervisors

Requirements:

• Degree holder in Information Technology, Computer Science or related disciplines
• Holder of CISSP, CISA, CCNA, MCSE or relevant certification preferred
• 2+ years relevant working experience on information security, infrastructure maintenance and technical support
• Experience in developing and implementing information security control process, hands-on working experience in Microsoft Windows Server, Linux, Networking, Firewall, Antivirus, VMware and System Hardening
• Knowledge of ISO27001 or Risk Management is a plus
• Positive, responsible, able to work independently and maintain confidentiality
• Fresh graduates and willing to learn will also be considered

Summary
Description
Summary of This Role
Develops and leads one or more of the following highly technical and specialized areas within information security: Security Engineering, Security Architecture, Forensics Analysis, Threat Analysis, Threat Hunting and Penetration Testing. Manages the development, deployment and execution of enterprise security controls and defenses. Monitors, analyzes and exploits system vulnerabilities to detect potential threats. Executes containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence. Determines risk and exposure from security breaches and resolves incidents while providing guidance to business decision-makers.

What Part Will You Play?

• Tracks and supports the delivery of information security solutions. Manages the tactical activities of installing and configuring of security systems, software and applications. Coordinates responses to intrusions and provide remediation guidance and support.
• Coordinates resources on highly complex development projects including approval of design specifications and scope. Provides input to short-term security technology roadmaps regarding applicability of new technologies. Disseminates updates to InfoSec Architectural policies, standards and guidelines to team members.
• Reviews forensic investigations and analysis of reported cyber incidents to evaluate root cause vectors and necessary control measures needed to prevent future occurrence. Implements appropriate countermeasures to recover deleted, hidden or lost user data.
• Coordinates research and analysis of threat actor profiles and associated indicators to detect potential threats. Implements recommended actions and security tools to identify, monitor and mitigate attacks. Coordinates with external security organizations to exchange threat intelligence.
• Coordinates complex threat assessment to evaluate incident impact and risk exposure. Reviews cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies), and draws conclusions on possible implications or applicability. Guides the threat intelligence collection process to enhance analytical capabilities.
• Manages execution of penetration testing activities on core systems. Articulates the outcome of stimulated attacks and underlying security issues or system weaknesses. Recommends and institutes remediation techniques or improvements to protect and maintain security frameworks and controls.
• Supports the evaluation and selection of security applications and systems. Manages the implementation of access control defenses. Provides quality review on the evaluation and documentation of team procedures. Manages development, deployment and support activities for multiple critical security technologies to include problem resolution and management, application maintenance, project requests and system enhancements.
• Not an exhaustive list; other duties as assigned.

What Are We Looking For in This Role?
Minimum Qualifications

• Bachelor's Degree
• Relevant Experience or Degree in: Information Security or Computer Science preferred. Other majors will be considered.
• Typically a minimum of 6 years
• related professional experience and prefer a minimum of 1-2 years experience in a supervisory position.
• One or more of the following-CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, CGEIT, Certified Forensic Computer Examiner (CFCE), Certified Cyber Threat Analyst (CCTA), Certified Computer Examiner (CCE)

Preferred Qualifications

• Prior Global Payments, payment or technology industry experience is preferred.
• Master's Degree in a related field of study from an accredited university.

What Are Our Desired Skills and Capabilities?
None Identified