37 Information Security jobs in Hong Kong

We are currently looking for a seasoned Information Security Engineer to join our client to be based in either Hong Kong or Singapore. They are one of the emerging data center platform companies which is growing rapidly across Asia.

Responsibilities:

1. Design, engineer, implement and monitor security measures for the protection of cloud information, and networks.
2. Conduct a thorough security risk assessment, identify vulnerabilities, and recommend mitigations and countermeasures to enhance security features.
3. Develop security policies and procedures, develop the controls, secure IT design and engineering practices.
4. Respond to, and document security threats, resolve technical faults and deliver real solutions in a cost-effective way.
5. Conduct audit and security compliance checks.
6. Maintain all the software and hardware in relation to security.
7. Stay on top of developments in the industry, and recommend appropriate strategies.

Requirements:

1. Degree holder in Information Technology or related disciplines.
2. Minimum 5 years of working experience in cybersecurity and security products such as firewalls, URL filtering, information security and virus protection.
3. Solid experience in cloud technologies, and familiar with cloud security architecture, design, and operations.
4. Experience in developing security policies and procedures.
5. Security certifications (such as CISSP, CCSP, CISM) and knowledge of security architecture (such as SABSA, TOGAF, Zachman) is an added advantage.
6. Effective written and verbal communication skills in English and preferably an additional Asian language.

2 days ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from PFCC Group

The Assistant Manager will oversee the operational effectiveness of the firms cybersecurity tools and lead strategic initiatives to enhance infrastructure security. This role involves managing a team of analysts, coordinating with IT and business units, and ensuring compliance with security policies and standards.

Experience in implementing, suppoting and incident handling/escalation with tools such as Forcepoint, Qualys, CyberArk & Symantec.

The successful candidate will have experience with senior level stakeholder engagement, leading a team of Analysts, managing vendors, and handling incidents in a competent and professional manner.

In essence: This role demands a technically proficient security professional who can ensure robust daily operations of critical security tools, drive strategic improvements, manage a team and stakeholders effectively, and maintain strict compliance – all within complex cloud/hybrid environments. Senior-level engagement and incident competence are crucial.

Key Responsibilities:

• Team & Operations Management: Oversee daily security tooling operations (Forcepoint, Qualys, CyberArk, Symantec), ensuring high availability & performance. Manage a team of analysts.
• Strategy & Projects: Plan and execute security tool upgrades/new implementations. Lead strategic initiatives to enhance infrastructure security.
• Stakeholder & Vendor Management: Coordinate closely with IT, business units, and vendors. Ensure alignment with organizational goals.
• Compliance & Governance: Ensure adherence to ITIL processes, corporate security policies, and compliance frameworks. Lead internal audits & risk assessments, reporting findings to senior management.
• Incident & Security Management: Oversee incident response and resolution. Review firewall/access control changes.
• Team Development: Train, mentor, and develop team capabilities.

Critical Experience Required:

• 6+ years in Information Security , including team leadership .
• Proven hands-on experience: Implementing, supporting, and handling incidents/escalations for key tools (Forcepoint, Qualys, CyberArk, Symantec ).
• Operational Expertise: Managing security tools/infrastructure in cloud/hybrid environments .
• Process & Compliance: Strong understanding of ITIL, risk management, and compliance frameworks .
• Stakeholder Engagement: Experience engaging senior stakeholders competently and professionally.
• Leadership: Strong leadership, coaching, and team management skills.
• Technical Acumen: Strategic thinker with hands-on technical expertise in security infrastructure.
• Communication: Excellent communication and stakeholder management abilities.
• Change Management: Ability to drive change and foster continuous improvement.
• Incident Handling: Competence in managing security incidents.

Education & Credentials:

• Essential: Bachelor’s degree in Computer Science or related field.
• Highly Preferred: Advanced certifications (CISSP, CISM, PMP).

Performance Measured By (KPIs):

• Team performance & SLA adherence.
• Successful delivery of security projects.

• Seniority level Not Applicable

• Employment type Full-time

• Job function Information Technology
• Industries Business Consulting and Services, Financial Services, and Hospitality

Referrals increase your chances of interviewing at PFCC Group by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Head of Information Security - APAC role at BSI

Join to apply for the Head of Information Security - APAC role at BSI

Get AI-powered advice on this job and more exclusive features.

Great that you're thinking about a career with BSI!

Head of Information Security – APAC

Hong Kong OR Kuala Lumpur – Hybrid

About The Role

As the Head of Information Security for our APAC region, you be the business facing part of the information security team within the region. You will work to partner and engage with the business to provide consultancy, support, guidance and advice on all Information Security matters. You will also help support projects and programmes relating to the region and any changes required.

Responsibilities

• Support the implementation of global policies, strategies, processes, standards, procedures, roles and controls within the region.
• Act as regional contact for all IT Security related incidents, providing support the IT Security Operations team, IT Infrastructure teams and local business to resolve the incident quickly.
• Investigate and report on hazards, potential risk events within a specific function or business area and carry out risk assessments as directed.
• Take responsibility for understanding client requirements, collecting data, delivering analysis and problem resolution in relation to information security.
• Review compliance to information security policies and standards, taking legal and regulatory requirements into consideration.
• Ensuring security controls are reviewed, implemented and maintained where appropriate.
• Provide authoritative advice and guidance on security strategies to manage identified risk and ensure adoption.
• Continue to develop and maintain knowledge within technical specialism, and keep up to date with technical specialism across BSI, industries and appropriate professional and trade bodies.
  
  
  

• Previous experience working in a multi-national, matrix style organisation.
• Demonstrable experience working with teams across multiple time-zones.
• High levels of risk management experience (quantify, assess, document and manage).
• Experience of working with/for businesses in China.
• Great understanding of PIPL.
• Fluent language skills in Cantonese and/or Mandarin.
• English language skills both written and verbal to business conversation level.
  
  
  

• Previous hands on technical background.
• An understanding of both highly regulated and lesser regulated industries.
• Previous experience of training within the Information Security sector.
• Experience and or interest in AI.
• Network security skills.
• Security architecture experience.
  
  
  

• Seniority level Executive

• Employment type Full-time

• Job function Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at BSI by 2x

Get notified about new Head of Information Security jobs in Hong Kong SAR .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Manager, Information Security Policy & Compliance role at The Hong Kong Jockey Club

4 days ago Be among the first 25 applicants

Join to apply for the Manager, Information Security Policy & Compliance role at The Hong Kong Jockey Club

Job Summary

Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies. You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies. You will also be involved in other information security assurance and technology risk management activities as assigned.

Job Summary

Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies. You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies. You will also be involved in other information security assurance and technology risk management activities as assigned.

The Job

You will:

• Develop and maintain information security policies.
• Perform compliance assessment against information security policies.
• Assist in programme management, and work with external consultants to deliver technology risk and information security projects.
• Conduct information security risk assessments and control assurance testing.
• Assist in delivering information security initiatives and prepare necessary documentation.
• Assist in technology risk management activities.
• Monitor and report on security metrics and trends to monitor the technology and information security risks.
• Promote security awareness within the organization, fostering a culture of risk management.
  
  
  

• University degree in Computer Science, Information Technology, Cybersecurity, Engineering, Risk Management or related fields.
• 5 to 7 years of practical experience in Cyber Security or Technology Risk roles.
• Hands-on experience in enterprise security infrastructure, risk assessments, and security testing.
• Experience with identity and access management systems and principles.
• Familiarity with security frameworks and standards (e.g. ISO27001, NIST).
• Understand second line of defence roles and responsibilities.
• Relevant certifications such as CISSP, CISA or CISM are preferred.
  
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Non-profit Organizations

Referrals increase your chances of interviewing at The Hong Kong Jockey Club by 2x

Kwun Tong District, Hong Kong SAR 1 month ago

Kwun Tong District, Hong Kong SAR 4 days ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Assistant Manager, Information Security Assurance role at The Hong Kong Jockey Club .

Reporting to the Senior Manager, ISA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. This includes designing and implementing a control library to manage cyber risks and developing a control assurance program to test the design and operating effectiveness of controls regularly.

Key responsibilities include conducting information security assurance programs, control testing, red teaming, managing risk assessments, and collaborating with internal and external stakeholders to implement security controls. You will also deliver security projects, ensure robust security measures during system design and operations, coordinate security initiatives, and respond to security incidents to maintain compliance and safeguard assets.

• Assist in establishing the second line of defence (2LOD) technology risk management and security assurance functions.
• Conduct regular assessments and testing of security controls and processes.
• Provide technical advice to ensure compliance with regulations and industry standards.
• Support the selection and review of security solutions, offering design and integration recommendations.
• Implement security initiatives and document processes to adhere to project lifecycles.
• Analyze and report security metrics, trends, and issues to senior management.
• Maintain documentation related to security processes and projects.
• Proactively mitigate network security risks and respond to incidents.
• Guide the configuration and implementation of security controls and frameworks.
• Promote security awareness and foster a risk-conscious culture.
• Support incident management and collaborate with the ERM team to incorporate security risks into the organization’s risk framework.
• Engage with internal audit and third-line functions.

You should have:

• A university degree in Computer Science, IT, Cybersecurity, Engineering, or related fields.
• 3-5 years of experience in information security, risk management, or related areas.
• Hands-on experience with enterprise security infrastructure, risk assessments, and testing.
• Deep knowledge of security principles, risk frameworks, and relevant regulations.
• Familiarity with standards like ISO 27001, NIST.
• Certifications such as CISSP, CISA, CISM, or CRISC are preferred.

Level of appointment will depend on qualifications and experience.

Please send your resume, including expected salary and job reference, by clicking the Apply Now button. We are an equal opportunity employer. Personal data will be handled in accordance with the Club's privacy notice, available upon request.

Join to apply for the Head of Information Security role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established insurance firm, recognized as a large organization in the industry. Operating in a competitive and fast-paced environment, they are heavily focused on technological innovation and security. Their commitment to maintaining the highest standards of information security is one of their top priorities.

As a Head of Information Security , your main responsibilities will include:

1. Defining and implementing the company's information security strategy and roadmap.
2. Developing and maintaining the ISMS based on ISO 27001.
3. Conducting regular information security risk assessments.
4. Ensuring compliance with regulatory requirements related to information security.
5. Managing the information security incident response process.
6. Providing information security training and awareness to all staff.
7. Working closely with the IT department to ensure the security of the IT infrastructure.
8. Reporting to management on information security status and initiatives.

A Successful 'Head Of Information Security' Should Have

• A degree in Information Technology, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, or CISA.
• Proven experience in developing and managing ISMS based on ISO 27001.
• Strong knowledge of information security principles and practices.
• Ability to conduct information security risk assessments and audits.
• Experience in managing information security incidents.
• Strong communication and leadership skills.

• A competitive salary range of around HKD 1,080,000 to HKD 1,200,000.
• Standard benefits package including health insurance and retirement plans.
• Opportunity to work in a technologically advanced environment.
• A supportive and collaborative work culture.

We are looking for an ambitious and dedicated professional to join our team in this critical role. If you have the necessary skills and experience, we would love to hear from you. Apply today to secure your future in a highly rewarding career in the insurance industry.

Contact: Alexis Wee

Quote job ref: JN-052025-6742521

• Director

• Full-time

• Information Technology and Engineering

• Insurance, Financial Services, and Capital Markets

1 week ago Be among the first 25 applicants

• Discover security vulnerabilities through design review, source code review and penetration testing, either manually or by using automated tools, and follow up on the remediation process
• Participate in relevant agile scrum meetings and provide professional recommendations on the design of security controls, libraries, and/or protocols
• Conduct security-related training sessions
• Implement various security control verification and risk detection through automated scripts
• Provide support on application-level security monitoring, intrusion detection, and incident response

Responsibilities

• Discover security vulnerabilities through design review, source code review and penetration testing, either manually or by using automated tools, and follow up on the remediation process
• Participate in relevant agile scrum meetings and provide professional recommendations on the design of security controls, libraries, and/or protocols
• Conduct security-related training sessions
• Implement various security control verification and risk detection through automated scripts
• Provide support on application-level security monitoring, intrusion detection, and incident response

Requirements

• OSCP (or equivalent, such as CREST) is a MUST.
• A deep understanding of OWASP Top 10 and the ability to detect and address logic flaws are highly desirable.
• Minimum four years of experience in Web API testing and proficiency in using BurpSuite is preferred.
• Experience with Mobile App testing, comprehension of jailbreaking/rooting a device, API hooking, reverse engineering, and de-obfuscation is highly beneficial.
• Fluency in spoken and written English is essential, and proficiency in Mandarin would be advantageous.

Not Applicable

Full-time

Engineering and Information Technology

Join to apply for the Information Security Manager role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established organization within the financial services sector. With a large workforce and a solid market presence in Hong Kong, they are committed to maintaining high standards in technology and information security.

As a 'Manager, Information Security,' your main responsibilities will include:

• Overseeing the implementation and maintenance of the bank's information security systems.
• Conducting regular audits and risk assessments to ensure adherence to security protocols.
• Developing and implementing information security policies and procedures.
• Training and mentoring staff on information security best practices.
• Conducting cybersecurity assessments, including penetration testing and infrastructure/web application reviews.
• Managing and maintaining security systems such as firewalls, NAC, IPS, and SIEM.
• Leading and coordinating information security projects across departments.
• Managing incident responses and investigations into security breaches.
• Staying updated on the latest trends and developments in information security.
• Reporting on the status of information security to senior management.

A Successful 'Manager, Information Security' Should Have

• A degree in Computer Science, Information Security, or a related field.
• Proven experience in a managerial role within the field of information security.
• Familiarity with information security regulations and standards in the financial services industry.
• Exceptional leadership and communication skills.
• The ability to handle sensitive information with discretion and integrity.

• A competitive salary in the range of HKD 648,000 - HKD 792,000 per annum.
• Standard benefits package.
• The chance to work in a fast-paced, technology-driven environment within the financial services industry.
• Opportunities for career progression and professional development.
• A supportive and collaborative company culture.

We encourage all candidates who believe they can fulfill these responsibilities and possess the necessary qualifications and skills to apply. This is a fantastic opportunity to join a leading financial organization in Hong Kong and make a significant impact in the field of Information Security.

Contact: Alexis Wee

Quote job ref: JN-052025-6742617

• Mid-Senior level

• Full-time

• Information Technology and Engineering

• Financial Services, Accounting, and Banking

Assistant Manager, Information Security page is loadedAssistant Manager, Information Security Apply locations HK - Centrium time type Full time posted on Posted Yesterday time left to apply End Date: July 31, 2025 (30+ days left to apply) job requisition id REQ12972 REQ12972 Assistant Manager, Information Security (Open)

SUMMARY:

The Assistant Manager will oversee the operational effectiveness of Melco’s cybersecurity tools and lead strategic initiatives to enhance infrastructure security. This role involves managing a team of analysts, coordinating with IT and business units, and ensuring compliance with security policies and standards.

PRIMARY RESPONSIBILITIES:

• Manage day-to-day operations of the security tooling team, ensuring high availability and performance of security systems.

• Lead planning and execution of security tooling upgrades and new implementations.

• Coordinate with IT and business stakeholders to align security controls with organizational goals.

• Ensure compliance with ITIL processes and corporate security policies.

• Oversee incident response and ensure timely resolution of security events.

• Review firewall and access control changes.

• Lead internal audits and risk assessments, presenting findings to senior management.

• Develop team capabilities through training and mentoring.

KEY PERFORMANCE INDICATORS:

Team performance and SLA adherence.

Successful delivery of security projects.

Audit and compliance outcomes.

Stakeholder satisfaction and collaboration effectiveness.

REQUIREMENTS:

Skills / Competencies

• 6+ years of experience in information security, including team leadership.

• Proven experience managing security tools and infrastructure.

• Strong understanding of ITIL, risk management, and compliance frameworks.

• Experience with cloud and hybrid environments.

Education

• Bachelor’s degree in Computer Science or related field; advanced certifications (e.g., CISSP, CISM, PMP) preferred.

PERSONAL COMPETENCIES:

• Strong leadership and coaching skills.

• Excellent communication and stakeholder management.

• Strategic thinker with hands-on technical expertise.

• Ability to drive change and foster a culture of continuous improvement.

Through the implementation of innovative products and services and by working hand-in-hand with globally renowned brands, Melco intends to offer the best entertainment experience that aims to appeal to a broad spectrum of customers and thereby become the leader of gaming industry in the region. In this endeavor, we have a number of projects currently underway or planned.