What Jobs are available for Endpoint Security in Hong Kong?
Showing 11 Endpoint Security jobs in Hong Kong
Cloud-Senior Data Protection
Posted today
Job Description
Basic Information
Department:
AliCloud Intelligence Group
Degree:
Bachelor
Work Experience:
10 years
Job Description
- Responsible for the data subject rights request fulfilment, data breach incident handling and reporting, third party vendor assessment and review of contract terms on data and privacy.
- Maintain data protection and privacy related policies, guidelines, standards; lead the privacy risk assessments; and drive data protection initiatives to mitigate privacy risks.
- Act as a subject matter expert, provide advice to all related internal stakeholders on data protection and privacy, help them understand the risks associated and solve their problems.
- Lead the privacy related audit or certificate programmes, including DPTM, CBPR, EU COC, etc.
- Build and maintain strong relationships with internal and external stakeholders, in particular with business teams, to work on projects related to compliance with data protection and privacy laws.
- Manage tools/systems to assist internal data protection and privacy related processes.
- Develop and deliver data protection and privacy trainings to internal teams.
- Keep abreast of new laws and regulations, as well as technology trends, assess impacts and risks and report to management and leadership.
Position Requirement
- Minimum of 6 years of experience in data protection and privacy compliance.
- Expert knowledge and experience of Data Protection and Privacy Laws in APAC, Middle East, US and the EU/UK.
- Relevant privacy qualification (e.g. CIPP/A, CIPP/E, etc.) is a plus.
- Bachelor degree minimum, preferably with technology background.
- Strong project management skills, and able to work independently with minimum supervision.
- Proven and strong capability to communicate privacy and risk-related concepts effectively to the business at all levels, and able to make judgement calls independently.
- Ability to act with integrity and maintain an ethical mindset.
- Can use English and Chinese languages in professional settings, and any other languages would be a plus.
- Can work in a fast-paced environment, and perform well under pressure and strict timeline.
Senior Data Protection and Privacy Legal
Posted today
Job Description
【Job Description】
Responsible for the data subject rights request fulfilment, data breach incident handling and reporting, third party vendor assessment and review of contract terms on data and privacy.
Maintain data protection and privacy related policies, guidelines, standards; lead the privacy risk assessments; and drive data protection initiatives to mitigate privacy risks.
Act as a subject matter expert, provide advice to all related internal stakeholders on data protection and privacy, help them understand the risks associated and solve their problems.
Lead the privacy related audit or certificate programmes, including DPTM, CBPR, EU COC, etc.
Build and maintain strong relationships with internal and external stakeholders, in particular with business teams, to work on projects related to compliance with data protection and privacy laws.
Manage tools/systems to assist internal data protection and privacy related processes.
Develop and deliver data protection and privacy trainings to internal teams.
Keep abreast of new laws and regulations, as well as technology trends, assess impacts and risks and report to management and leadership.
【Qualification】
8 years or above experience in data protection and privacy compliance.
Expert knowledge and experience of Data Protection and Privacy Laws in APAC, Middle East, US and the EU/UK.
Relevant privacy qualification (e.g. CIPP/A, CIPP/E, etc.) is a plus.
Bachelor degree minimum, preferably with technology background.
Strong project management skills, and able to work independently with minimum supervision.
Proven and strong capability to communicate privacy and risk-related concepts effectively to the business at all levels, and able to make judgement calls independently.
Ability to act with integrity and maintain an ethical mindset.
Can use English and Chinese languages in professional settings, and any other languages would be a plus.
Can work in a fast-paced environment, and perform well under pressure and strict timeline.
IT governance and compliance consultant Data Protection
Posted today
Job Description
Our client is a high-growth fintech company transforming the finance landscape across the region. With a focus on innovation and technology, the company delivers forward-thinking financial solutions designed to meet the diverse needs of individuals and businesses. Its regional presence and industry expertise enable it to tailor services to local markets while maintaining scalable and sustainable growth. It's currently expanding the team in Hong Kong.
Responsibilities:
- Lead the development and execution of IT compliance and governance programs to ensure companywide alignment with regulatory and industry standards.
- Coordinate and perform internal IT audits, identifying potential compliance risks and preparing the organization for external assessments.
- Establish, review, and update frameworks for regulatory compliance, emphasizing information security, data privacy, and risk management.
- Serve as the organization's primary contact for data protection matters, ensuring robust adherence to privacy regulations and effective incident response.
- Liaise with regulators, auditors, and data subjects regarding IT governance and privacy issues.
- Support company secretarial and corporate governance functions across multiple jurisdictions, ensuring compliance with local and international laws.
- Manage communication and collaboration among internal departments and external partners for compliance-related projects.
- Assist in the implementation of special projects related to IT security, data protection, and corporate compliance.
Requirements:
- Bachelor's degree in Information Systems, Business Administration, Law, or a related discipline.
- 2–5 years' experience in IT compliance, information security governance, or audit roles within regulated industries.
- Familiarity with ISO 27001, SOC 1/2, or similar certification frameworks and audit processes.
- Experience with intellectual property management or cross-border company governance is an advantage.
- Strong analytical skills, attention to detail, and a proactive approach to identifying and resolving compliance issues.
- Excellent organizational and multitasking abilities, with strong interpersonal and communication skills.
- Proficiency in English, Cantonese, and Mandarin is highly valued.
- Comfortable using Microsoft Office and other compliance or audit management tools.
Vulnerability Management
Posted today
Job Description
Pinpoint Asia is representing one of Hong Kong's most respected and technologically complex institutions. Our client is a leader in its field, investing heavily in building a world-class cyber defense function to protect critical assets and data.
We are looking for a strategic, hands-on leader to take full ownership of their Vulnerability Management and Offensive Security program. This is a high-impact role where you will shape the strategy, lead a specialist team, and act as the ultimate authority on identifying and mitigating security weaknesses across the enterprise.
The Opportunity: What You'll Command
This is not a typical operational role. You will be empowered to build, run, and innovate a comprehensive security program. You will be the central commander for threat and vulnerability management, from integrating security into the development pipeline (DevSecOps) to leading the charge during zero-day incidents.
Your mission is to proactively reduce the organization's attack surface by leading a multi-faceted function that includes:
- Team Leadership: Build, mentor, and lead a high-caliber team of security specialists responsible for scanning, testing, and analysis.
- Strategic Oversight: Own the entire lifecycle for vulnerabilities across infrastructure, applications, databases, and networks.
- Vendor & Service Management: Command relationships with external partners for specialized services like Red Teaming and advanced penetration testing, ensuring top-tier performance and value.
- Incident Command: Act as the designated lead for responding to critical, actively exploited vulnerabilities, orchestrating rapid enterprise-wide remediation efforts.
The Core Mission: Your Key Accountabilities
- Drive a Proactive Security Posture: Evolve and manage a sophisticated program covering continuous vulnerability scanning, configuration compliance, and attack surface management.
- Champion DevSecOps: Spearhead the integration of security into the CI/CD pipeline. Embed automated tools (SAST, DAST, SCA) and secure coding practices to find and fix flaws early in the development process.
- Lead Offensive Security Operations: Oversee all penetration testing (application and infrastructure), secure code reviews, and advanced adversarial simulations (Red Teaming) to rigorously test the organization's defenses.
- Deliver Actionable Intelligence: Develop a robust vulnerability intelligence capability that contextualizes global threats to the firm's specific environment. Prioritize remediation based on genuine business risk, not just raw CVSS scores.
- Communicate with Impact: Develop and present compelling metrics, risk reports, and strategic roadmaps to C-level executives and key business stakeholders, translating complex technical data into clear business impact.
The Ideal Profile
We are looking for a seasoned cybersecurity leader with a "player-coach" mentality. You have deep technical credibility combined with proven management experience.
- Experience: 12+ years in cybersecurity, with at least 5 years in a leadership role focused on Vulnerability Management, Application Security, or Offensive Security.
- Technical Mastery: Deep, practical expertise across the modern security toolkit. You must understand the "how" and "why" behind:
- Vulnerability Management Platforms: Tenable, Qualys, Rapid7, etc.
- DevSecOps & AppSec Tools: SAST, DAST, SCA, IAST integrated into developer workflows.
- Offensive Security Methodologies: Penetration Testing, Red Teaming, MITRE ATT&CK Framework.
- Modern IT Environments: Cloud (AWS/Azure), containerization, and complex enterprise networks.
- Strategic & Analytical Mindset: You can dissect complex vulnerabilities, assess exploitability, and map technical findings to tangible business risks.
- Leadership & Influence: You have a proven ability to manage technical teams and to communicate effectively with stakeholders at all levels, from engineers to executives.
- Credentials: A degree in Computer Science, Information Security, or a related discipline. Industry certifications such as CISSP or CISM are highly desirable.
- If this outstanding opportunity sounds like your next career move, please submit your resume in Word format via the Quick Apply Button.
Senior Manager, Vulnerability Management
Posted today
Job Description
Join a reputable organisation at the forefront of cyber security, offering exposure to advanced technologies and complex environments.
- Oversee the continuous scanning of infrastructure for vulnerabilities and ensure configuration compliance across platforms, databases, networks, and voice systems.
- Lead penetration testing activities for both application and infrastructure security, ensuring robust defences against emerging threats.
- Manage the delivery of DevSecOps services by guiding secure development practices and integrating security into operations workflows.
- Directly supervise team members through hiring, training, coaching, setting objectives, and performance management to foster a collaborative and high-performing environment.
- Coordinate with external service providers and product vendors to establish, monitor, and maintain agreed service levels for vulnerability management.
- Provide oversight on the identification and remediation of vulnerabilities, ensuring timely resolution according to established priorities.
- Assess vulnerability intelligence in relation to both internal systems and the broader external threat landscape to inform risk-based decision making.
- Continuously identify gaps in controls or coverage within vulnerability management processes and propose initiatives for service enhancement.
- Develop comprehensive metrics, reports, and service highlights for presentation to business stakeholders and IT leadership.
- Act as the lead during incidents involving actively exploited or critical vulnerabilities by developing response plans and overseeing their implementation.
What you bring:
- A degree in Computer Science, Information Security or a related discipline provides you with a strong academic foundation for this role.
- Twelve years or more of relevant experience in information security roles ensures you bring deep industry knowledge.
- At least five years' hands-on experience specifically within vulnerability management demonstrates your subject matter expertise across multiple disciplines.
- Proven track record in leading teams through hiring, training, coaching, objective setting, and performance management fosters a collaborative work environment.
- Comprehensive understanding of vulnerability management services including operating procedures enables effective oversight of critical functions.
- Exceptional logical thinking skills allow you to analyse different categories of vulnerabilities with precision.
- A customer-focused approach ensures that all services delivered meet high standards of quality and responsiveness.
- Excellent interpersonal skills support effective communication with both technical teams and business stakeholders alike.
- Experience with key technologies such as Vulnerability Assessment tools, DevSecOps methodologies, Penetration Testing frameworks, Secure Code Review processes, Attack Surface Management solutions, and Red Team exercises enhances your technical toolkit.
- Holding industry-recognised certifications such as CISSP or CISM further validates your expertise.
Technical Manager, Vulnerability Management
Posted today
Job Description
Company description:
The Hong Kong Jockey Club
Job description:
Who are we?
We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.
Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.
What do we do?
We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.
We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.
The Department
The Cyber Security Department is essential to the Club's ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.
As the first line of defense, the department plays a key role in maintaining the Club's reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.
The Job
You will:
- Lead and manage end-to-end penetration testing services, ensuring execution across all engagements to identify security weaknesses within the organisation's applications and environments
- Act as a Subject Matter Expert to support and respond to penetration testing-related requests, proactively anticipate needs (e.g. project requirements) and propose workable solutions
- Manage/conduct penetration testing and vulnerability management assessments, namely:
  - System and infrastructure-based security assessments
  - Web application security assessments
  - Mobile application security assessments
  - Vulnerability scanning
- Identify and exploit vulnerabilities using manual techniques and automated tools
- Develop custom scripts, payloads, and exploits to bypass security controls
- Document findings with detailed technical evidence and clear remediation guidance with recommended safeguards and compensating controls that meet the organisation's cybersecurity standards
- Collaborate with stakeholders to communicate findings and track the status of follow-up actions to ensure timely identification of vulnerability remediation
- Design and maintain KRI dashboards to track cybersecurity posture and report penetration testing outcomes in monthly management reports
- Develop and maintain internal standards, methodologies, and documentation for penetration testing and vulnerability management processes
- Manage vendor relationships to ensure service quality and monitor performance against SLAs
- Undertake other duties assigned by Cyber Security Management
- Participate, contribute and help shape a diverse and inclusive culture with trust and respect. Play an active role to support cross-team/division/department efforts and model collaborative behaviours
About You
You should have:
- University degree in Computer Science, Information Security, and/or related discipline
- Industry-recognised certification in one or more of the following - OSCP, OSCE, OSWE, GPEN, CEH, CISSP, CISA, or equivalent
- 5 years or more of working experience in the penetration testing and vulnerability management domain across various disciplines
- Proven expertise in conducting application security assessments across web, mobile, and self-developed applications
- Strong service and a customer-focused approach to the service being delivered
- Excellent interpersonal, collaborative and communication skills
- Well-disciplined with exemplary professional competence and integrity
- Hands-on experience with industry-standard tools such as Kali Linux, Burp Suite, Qualys, Nessus, Nmap, Metasploit, Wireshark, etc.
- Deep technical knowledge in:
  - Operating systems: Windows, Linux, macOS
  - Offensive tooling and technique: Implant reverse shells, Command and Control (C2) infrastructure
  - Network and security architecture: TCP/IP, IDS/IPS, firewalls, WAFs, web content filtering
  - Cloud platform: Integrated security solutions across major cloud providers (e.g. AWS, Azure)
  - Application security: Coding practices and architecture design
- Demonstrated ability to perform penetration testing, vulnerability assessments, and security reviews for applications and infrastructure
- Contribute to the development and refinement of penetration testing and secure vulnerability management standards
- Experience participating in red team operations is desired
- Exploit research and development skills are a plus
- Source code review experience is a plus
Terms of Employment
The level of appointment will be commensurate with qualifications and experience.
How to Apply
Please submit your resume with expected salary by clicking the Apply Now button.
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.
Middleware Vulnerability Management Consultant
Posted today
Job Description
Company:
Sopra Steria is a listed European tech leader specializing in Consulting, Digital Services, and Software. With 60,000 employees worldwide across Europe, North America and Asia, Singapore serves as the HQ for our APAC operations. We focus on delivering Infrastructure, Cloud and Cybersecurity services across the region.
Description:
This is a technical support position responsible for overseeing Middleware Vulnerability Management. The consultant must plan and rectify security vulnerabilities in middleware products. He/she will help ensure the quality of Core Middleware services remains consistently high, create Middleware management reports and dashboards, and adhere to all IT security policies to maintain system integrity and quality.
The candidate must have excellent technical knowledge matched by a "can do" hands-on attitude to develop automated processes that generate reports and dashboards, and must always work to minimize operational risk. The candidate should also be capable of developing scripts to manage repetitive or mass deployment tasks. The successful candidate will be a member of a dynamic IT team and will work with other IT teams in Asia, Europe and the Americas, so must possess strong organization skills, good time management and excellent written and communication skills.
Responsibilities:
- Responsible for the overall Middleware Vulnerability Management of Core Middleware systems in APAC (infrastructure in Singapore, Hong Kong, Japan and China) and regional oversight of the rest of APAC countries.
- Must have a mindset to provide continuous team and service improvements, be risk averse in change management, focus on mitigating middleware vulnerabilities and be eager to improve the monitoring, efficiency, reliability, capacity and quality of all IT services.
- Strive to ensure 100% uptime for all Core Middleware systems infrastructure in APAC, taking into account business requirements.
- Able to plan, test and execute Production changes successfully following a robust Change Management process.
- Responsible for updating all live production documentation under their scope.
- Has direct hands-on experience managing the reduction of hardware and software obsolescence across IT.
Business relationships:
- Work closely with all major stakeholders of the Core Middleware Systems, and any team(s) with direct influence and dependencies.
- Must build a strong relationship with our internal customers in APAC.
- Have proven experience working collaboratively with all teams across all departments and refusing to work in silo mode.
- Follow all Security policies
- Contribute to management reports and dashboards
- Report all variances from Norms and Standards
- Ensure and practice all production Disaster Recovery and BCP processes are in place
Governance:
- Follow Security policies
- Contribute to management reports and dashboards
- Report all variances from Norms and Standards
- Ensure and practice all production Disaster Recovery and BCP processes are in place
Essential Technical Knowledge/Skills:
At least 5 - 7 years of technical experience in the middleware technologies listed below:
- Open source Apache HTTP Server (2.4.x)
- Open source Tomcat application Server (8.x, 9.x)
- Microsoft IIS server (IIS 8.5, 10)
- REDHAT Jboss EWS (Apache / Tomcat 5.x)
- REDHAT EAP application server (EAP 7.x)
- IBM WebSphere Application server BASE & ND (8.x, 9.x)
- IBM WebSphere MQ server (8.x, 9.0, 9.1, 9.2)
- Oracle WebLogic server (12.x, 14.x)
Analysis, remediation planning and execution for all overdue vulnerabilities for IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS products.
Analysis, remediation planning and execution for all Critical compliance deviations on Digital Platform assets, and ideally on High deviations for IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS.
Enhancement of the current remediation processes for all APAC assets where the remediation owner is Digital Platform (including assets provided to and supported for CIB, WM, Cardif entities), within the vulnerability management and compliance management remits.
Continuous improvement of the security watch process for the products under APAC Digital Platform management, to pro-actively plan for patching.
Experience in creating and producing reports and Dashboard.
Skills for reporting: Tableau / Power Query / Excel macro programming / Power BI / SQL queries / Python / API
Optional skill set: Prometheus / Grafana / Kibana / ELK
Skills for automation: Ansible scripting + Ansible Tower
Middleware skill: IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS
Oversight of the Vulnerability & Compliance Deviation remediation for the locally-managed network gears.
To apply security vulnerability fixes in a timely manner as per business needs.
To apply security hardening policies for middleware products in a timely manner as per business needs.
Must have excellent written and verbal communication skills.
Productive teamwork and strong analytical skills.
Demonstrate a systematic and logical approach to problem-solving.
Good presentation and documentation skills.
Ability to break down complex technical situations and adapt their language to all levels of discussion, from non-technical managers up to 3rd level System Experts.
Have knowledge and experience using agile methodologies and/or has been part of DevOps teams.
Be service oriented, customer focused, positive, committed and have an enthusiastic "can do" attitude.
Great time keeping skills and attention to detail is essential.
Flexibility to do shift work and some weekends or late after office hours at short notice.
Must be independent, organized, self-motivated, responsible, and able to complete tasks with little or no supervision.
Relishes taking ownership, being totally hands-on and comfortable directly interfacing with people at all levels of the organization.
Knows ITIL concepts and can apply them effectively.
Other Value-Added Competencies:
- A professional certification in any of the application server technologies listed.
- Analytical thinking and strong diagnostic information gathering
- Client-oriented, strong communication and organization skills
- Initiative and multitasking
- Ability to work under pressure
- Knowledge of Ansible or good scripting skills in PowerShell, Python or other programming languages is an added advantage.
- Regular team buildings
- 18 leave days / Year
- Health Insurance
- Annual bonus
- Working hours: from 9am to 6pm, Monday to Friday
- E-learning and certifications paths
Senior Technical Manager, Vulnerability Management
Posted today
Job Description
Company description:
The Hong Kong Jockey Club
Job description:
Who are we?
We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.
Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.
What do we do?
We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.
We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.
The Department
The Cyber Security Department is essential to the Club's ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.
As the first line of defense, the department plays a key role in maintaining the Club's reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.
The Job
You will:
- Manage the VM Team across continuous Infrastructure Vulnerability Scanning & Configuration Compliance (for Platforms, Database, Networks and Voice), Penetration Testing and Scanning for Application & Infrastructure Security, and Development, Security & Operations (DevSecOps), through hiring, training, coaching, objective setting and performance management of team members
- Manage the external service providers and product vendors, ensuring the appropriate service level performance is established, monitored and met
- Provide oversight on the handling of vulnerabilities identified, ensuring appropriate priority is given to effectively remediate the vulnerabilities within the agreed timelines
- Ensure the relevant and adequate coverage of vulnerability intelligence, to assess the vulnerabilities in the Club's context and the external threat landscape
- Ensure the vulnerability management services provided for applications (incl. DevSecOps) and infrastructure are operating effectively
- Continuously identify control and coverage gaps, and improvement initiatives to uplift the Vulnerability Management service
- Develop and present the VM metrics, reports and service highlights to the business and IT stakeholders
- Act as the lead when actively exploited or critical-severity vulnerabilities are identified, lead the development of the vulnerability response plan and oversee its implementation
About you
You should have:
- Degree in Computer Science, Information Security, and/or related discipline
- 12 years or more of working experience in the related field, with at least 5 years in the Vulnerability Management domain across various disciplines, including leading and managing teams
- Strong experience covering Vulnerability Management services and required operating procedures
- High degree of logical and analytical thinking skills, particularly in the different categories of vulnerabilities and how they work
- Strong service and customer-focused approach to the service being delivered
- Excellent interpersonal, collaborative and communication skills
- Well-disciplined with exemplary professional competence and integrity
- Experience with the following services and technologies - Vulnerability Assessment, DevSecOps, Pen-Testing, Secure Code Review, Attack Surface Management, Red Team
- Industry-recognised certification in one or more of the following - CISSP, CISM, etc.
Terms of Employment
The level of appointment will be commensurate with qualifications and experience.
How to Apply
Please submit your resume with expected salary by clicking the Apply Now button.
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.
Consultant/ Senior Consultant/ Manager - Data Privacy and Protection (Technical) - Cyber - Hong K...
Posted today
Job Description
Pursue a Career with Impact
At Deloitte China, we are on a mission to nurture and empower our people to become deep subject matter experts. We offer the perfect platform to unleash your full potential and equip you to thrive on challenges, and partner with our clients to solve their most complex problems. A world of opportunities awaits. Start your adventure and journey with us.
About The Business
Risk Advisory
Trust, resilience and security connecting for enduring success and responsible business
With competencies encompassing capital markets, control assurance, contractual exposure and insurance claims, and security services, our RA professionals offer a wealth of experience across a spectrum of industries. This is a great place to build a career and make an impact that really matters.
By taking a Risk Intelligent approach, Risk Advisory provides powerful, practical solutions in cyber, strategy, regulation and controls, backed by deep business knowledge across multi-disciplinary teams, helping clients worldwide take the opportunity to connect trust, resilience and security for more positive outcomes. Risk Advisory helps ensure success that enables sustainable growth, inspires positive societal impact and creates a more responsible business. When you join Risk Advisory, you can be sure of access to these solutions and experiences, as well as opportunities in our different service lines, all wrapped in a high tech environment with a high touch approach to career development that ensures you reach your full potential. Whichever service offering you work in, your skills and experience will be highly valued.
Cyber & Strategic Risk
We help clients address various aspects of Cyber and other strategic risks to their organizations to inform risk-based strategic choices, prepare to respond to disruption, assess and manage full-lifecycle enterprise risks, as well as strategize and respond to risks associated with the reliability and protection of data, associated processes and technology. We provide advisory and managed services to help senior executives spot, assess, manage, and respond to risks and/or catastrophic unforeseen incidents that could undermine their competitive position or jeopardize their critical assets, reputation and/or financial standing. Offerings include:
- Cyber;
- Crisis & Resilience;
- Strategy, Brand and Reputation;
- Climate and Sustainability;
- Extended Enterprise
Our objective is to help clients develop and implement strategies for IT risk management, and we aim to help clients find the appropriate balance between risk management and cost containment. Our integrated solutions cover: Cyber Strategy, Cyber Security, Cyber Vigilance, Cyber Resilience.
Work you'll do
- Lead, together with the technical manager of Data Protection, all technical developments supporting the initiatives on next gen data privacy / protection, including but not limited to solution design & development, collaborating with industry leading vendors and conducting pilot runs / POCs for our clients
- Explore & understand the market needs and design, develop / implement technical solutions together with the team to build the data protection eco-system
- Collaborate in conducting assessments and benchmarking against industry best practices pertaining to data privacy and protection, information security and cyber security, including data protection / privacy impact assessments from a technological angle
- Collaborate in identifying and assessing risks in the areas of Governance, People, Process and Technology, using recognised sources of privacy and data protection frameworks from a technological angle
- Collaborate in advising on and establishing data governance frameworks for our clients including strategies, organisations, policies, processes, standards and guidelines, etc. around data privacy and protection, and information security from a technological angle
- Collaborate in advising and supporting our global clients in privacy by design / default and technology, cyber security projects from a technological angle
- Collaborate in advising on and implementing performance management and frameworks for privacy and protection compliance supported by technologies from a technological angle
- Develop and manage relationships, and meet with relevant data protection and privacy, and security stakeholders within our clients
- Contribute to our research and thought leadership, and work together on our next gen data privacy / protection initiatives to improve the eminence of our data privacy and protection practice
- Collaborate with third-party vendors to leverage their tools and solutions implementation for our clients
- As a manager you should be able to independently lead a team during engagements with limited support and supervision
During your tenure with us, you will demonstrate and develop your leadership and professional capabilities in the following areas: Inspiring, Creating purpose, Driving agility, Building diverse capability, Influencing, Collaborating, Delivering value, Building the business, Analytical acumen, Effective communication, Engagement management/delivery excellence, Managing change, Managing quality & risk, Sales excellence, Strategic thinking and problem solving, and Tech savviness.
We are looking for someone with
- University degree majoring in information systems, computer science, engineering, statistics and / or related areas
- At least 3-7 years' experience preferably from (technology) consulting firms/large enterprises' project teams
- Passionate about technology and applying it to various areas of data protection
- Knowledge of system development and setup (both functional and technical) including system architecture design and system development lifecycle
- Knowledge and understanding of system implementation, programming languages and data analytics (e.g. Vue, RESTful API, NoSQL DB, Python, SAS)
- Knowledge of the Hong Kong privacy regime. Knowledge of China privacy regime, and APAC and international privacy regulations (e.g. General Data Protection Regulation) would be an advantage
- Knowledge of current privacy and cyber issues, cyber and privacy security frameworks, privacy and data protection (engineering) technologies, emerging trends, and best practices related to data privacy would be an advantage
- Experience of implementing / operating data discovery, data leakage prevention, data inventory, data flow mapping and privacy, data protection technology or other market leading systems, would be seen as an advantage, and system / technology understanding would be an advantage
- Technology related qualification holder will be an advantage
- Strong consultation and communication skills with an ability to explain complex technical issues to non-technical business clients, as well as high proficiency in both spoken and written English and Chinese (Cantonese); Mandarin would be an advantage
Shape your future through impact that matters
Over more than 100 years of history, Deloitte has witnessed, and had the honor to be part of, the economic boom in China by providing industry-leading audit & assurance, consulting, risk advisory, financial advisory, tax & business advisory services to nearly 90% of the Fortune Global 500 Chinese companies and thousands of private companies. Deloitte China today carries on our centenary professionalism and strives to become the undisputed leader in professional services in China with strong responsibility and capabilities in digitalization and multidisciplinary services.
Deloitte has been named China's Top Employer since 2006, Universum's Most Attractive Employer in China since 2008, and the Best Workplaces in Greater China since 2019.
All qualified applicants will receive consideration for employment regardless of their background, experience, identity, ability or thinking style, and if you need assistance during the application process for accessibility reasons this is available upon request.
Ready to take on new challenges? Apply now
Stay connected for the latest career opportunities, follow us on Deloitte China Social Media.
Accessibility Assistance
If you need assistance or an accommodation during the recruitment process for accessibility reasons, there will be an opportunity for you to let us know what you need once you begin your application.
Why Deloitte China?
Deloitte China delivers a comprehensive range of audit & assurance, consulting, financial advisory, risk advisory and tax services to local, multinational and growth enterprise clients in China.
- We are the world's largest professional services firm that changes the world; we lead with purpose and shared values.
- We are the market leader with digital and innovative solutions; we create value for clients through our multi-disciplinary services.
- We are recognized as Top Employer in China by the Top Employers Institute* for the 14th consecutive year, and made the top 3 for the first time this year.
- We are certified as one of the 'Best Workplaces' in Greater China by Great Place to Work in 2019.