What Jobs are available for Information Security Engineer in Hong Kong?

Our client is a well known company in HK and they are looking for a Information Security Engineer to cope with their business.

Responsibilities:

• ISO 27001 Compliance: Develop, implement, and maintain the Information Security Management System (ISMS) in accordance with ISO 27001 standards.
• Risk Assessment: Conduct regular risk assessments and audits to identify vulnerabilities, threats, and risks to the organization's information assets.
• Policy Development: Create and update security policies, procedures, and guidelines to ensure compliance with regulatory requirements and best practices.
• Incident Response: Manage and respond to security incidents, performing root cause analysis and implementing corrective actions to prevent recurrence.
• Training and Awareness: Develop and deliver training programs to promote security awareness among staff and ensure adherence to security protocols.

Requirements:

• Educational Background: Bachelor's degree in Information Technology, Cybersecurity, or a related field; relevant certifications (e.g., CISSP, CISA, CISM) are advantageous.
• Experience: Minimum of 3-5 years in information security roles with a focus on ISO 27001 compliance and security operations.
• Technical Skills: Proficiency in security frameworks, risk management practices, and incident response methodologies; familiarity with security tools and technologies.
• Analytical Skills: Strong analytical and problem-solving skills to assess security risks and develop effective mitigation strategies.
• Communication Skills: Excellent verbal and written communication skills for reporting security issues and training employees on security practices.

Interested parties, please kindly send your CV to , thanks

Please note that only short listed candidates will be notified. All information gathered will be treated in strict confidence and solely used for recruitment purposes

Job Responsibilities:

• Responsible for managing information security and infrastructure systems to ensure the smooth operation of all enterprise systems and network
• Support day-to-day monitoring and control of information security program, systems, configuration, patching and backup
• Assist in conducting risk assessment and information security review of internal operations, vulnerability assessments and tests for enterprise continuous improvement
• Assist in developing and continuously improve the information security issues and resolve the audit findings
• Coordinate implementation and validation of information security controls
• Monitor and assess information security violations incidents and responses
• Troubleshooting and provide technical support for information security solutions
• Assist in preparing training materials to promote information security awareness across the enterprise
• Maintain up-to-date inventory on infrastructure equipment and software
• Perform other duties as assigned by the supervisors

Requirements:

• Degree holder in Information Technology, Computer Science or related disciplines
• Holder of CISSP, CISA, CCNA, MCSE or relevant certification preferred
• 2+ years relevant working experience on information security, infrastructure maintenance and technical support
• Experience in developing and implementing information security control process, hands-on working experience in Microsoft Windows Server, Linux, Networking, Firewall, Antivirus, VMware and System Hardening
• Knowledge of ISO27001 or Risk Management is a plus
• Positive, responsible, able to work independently and maintain confidentiality
• Fresh graduates and willing to learn will also be considered

About the company:

Our client is a leading global professional firm operating in over thirty countries. The Lead Information Security Engineer role's is to safeguard the organization's IT systems and data. This role requires the candidate's active participation in the implementation of security policies and procedures, the monitoring and analysis of security events and the maintenance of security tools. Other responsibilities are to identify, investigate and resolve any security threats, vulnerabilities and incidents. The candidate must keep up to date with the latest security trends, have excellent communication and problem-solving skills and have a deep understanding of security principles and technologies. The individual will have a functional role in mentoring other team members and share the off-hour support responsibilities.

Responsibilities:

• Review, analyze, and monitor security system reports and logs for suspicious activities, trends, and patterns. This includes web filters, mail gateways, firewalls, encryption systems, anti-malware systems, and IDS/IPS.
• Configure, maintain, and administer security products and solutions used within the firm.
• Configure, maintain, and administer firewalls, web proxy devices, data loss prevention systems, and security information event monitoring systems.
• As a member of the Incident Response Team, respond to alerts, warnings, incidents, and help desk tickets to minimize firm asset exposure under the direction of the IS Security Manager.
• Participate in troubleshooting efforts for all IT security-related problems, including managing and using TAM arrangements with specified security vendors.
• Serve as a technician/engineer on IS projects.
• Conduct risk and security reviews on products as directed by the IT Security Manager or IS management.
• Configure access control systems, assigning rights to appropriate resources for users, IS personnel, and vendors.
• Recommend controls to ensure appropriate protection levels and adherence to the overall information security strategy.
• Monitor IS security metrics, including security system logs, Windows server logs, and network monitoring systems.
• Administer systems and processes to monitor and reconcile system patch status and discovered vulnerabilities, managing metrics that provide patch and vulnerability status. Work with responsible groups inside and outside of IT to remediate.
• Provide consultation and conduct internal investigations that may require forensic analysis under the direction of the IT Security Manager and/or IS management.
• Respond to audit findings as directed by the IT Security Manager and/or IT Management.
• Evaluate and recommend commercial security vendors and products.
• Perform other duties as assigned or required.

Qualifications and Experience

• Bachelor's degree in Cybersecurity Engineering or Computer Sciences
• Strong professional experience in information security with a focus on security operations and technical support
• Experience in Microsoft office Suite, iManage or others company technologies
• Expereince in Palo Alto Network's Firewalls and Prisma Access
• Hand on experience with VPN, SSL and other encryption technologies
• Good knowledge of server, workstation, and Active Directory technologies that impact security controls
• Deep understanding of TCP/IP, DNS and common network services
• Experience with security frameworks and compliance requirements such as GDPR, ISO 27001, NIST 800 and PCI DSS.

If you believe you have the right skills, attitude and experience please click 'apply now' below and upload your resume. Alternatively, for a confidential chat, please contact Kevin Ng by applying directly to email  or reach out at

We apologies that only shortlisted candidates will be contacted.

Company Introduction:
*We're home to Asia's most dynamic and vibrant capital markets.

Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.
HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."
Job Summary: *
The Information Security Engineer is part of the Information Security function, playing a key role in enhancing the organization security posture. The incumbent is responsible for designing, building, operating, and evolving enterprise IT security solutions to meet the organization's security requirements, while engaging key stakeholders to deliver key security services.

Job Duties:
Job Responsibilities:

• Engineer, implement and monitor security measures for the protection of computer systems, networks and information.
• Configure and troubleshoot security infrastructure to ensure optimal performance and alignment with security policies.
• Maintain all solution design documentation, processes, procedures and report on metrics to demonstrate effective and efficient management of services.
• Support security tool enhancements and policy governance, including tasks such as reviewing and updating application control policies, managing user access profiles, and performing regular recertification of access rights. Tools involved may include application whitelisting platforms and Endpoint Detection & Response (EDR) solutions.
• Deliver and maintain core security services, such as integrating systems with Identity and Access Management (IAM) platforms (e.g., Privileged Identity Management and Identity Governance & Administration), maintaining system account inventories, and coordinating periodic access reviews and recertification campaigns.
• Ensure security tools are properly configured and maintained to support the detection of and response to cyber security threats (e.g., tuning alert rules, updating threat signatures, and integrating tools with incident response workflows).
• Conduct and document disaster recovery testing for security tools.
• Ensure smooth daily operations of account management processes, including reviewing system account requests for accuracy, identifying and resolving automation issues, and driving process improvements through automation and workflow optimization.
• Manage relationship with product vendors and suppliers to ensure timely maintenance, updates, and enhancements of security tools and solutions.

Job Requirements:

• Must have a relevant University degree in Computer Science, Information Management, or related field, or equivalent experience.
• Proven work experience as a System Security Engineer or Information Security Engineer.
• Experience in building, maintaining and operating security systems and platforms.
• Hands on experience in EndPoint security (e.g., app control, EDR) and IAM (e.g., PIM, IGA) tools and related workflows.
• Understanding of the latest security principles, techniques, and protocols (such as zero trust, etc).
• Ability to work collaboratively in cross-functional teams and communicate effectively with technical and non-technical stakeholders.
• Good presentation, project planning and documentation skills.
• Problem solving skills and ability to work under pressure.
• Familiarity with web technologies (e.g., web applications, web Services, service-oriented architectures) and network/web protocols.
• Knowledge with application, database and operating system and cloud security (AWS or Huawei Cloud Stack) is an asset.
• Experience with scripting (e.g., Python) or automation tools (e.g., Ansible) is preferred.
• Understanding of risk / control frameworks, such as Mitre ATT&CK, D3FEND, OWASP or NIST Cybersecurity Framework will be added advantage.
• Professional certifications such as CISSP, CISM, CEH, GIAC (e.g., GSEC, GCIA, GPEN), or AWS Certified Security will be added advantage .

HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.
Location:
HKEX - TKO

Shift:
Standard - 40 Hours (Hong Kong SAR)

Scheduled Weekly Hours:
40

Worker Type:
Permanent

About the company:
Our client is a leading global professional firm operating in over thirty countries. The Lead Information Security Engineer role's is to safeguard the organization's IT systems and data. This role requires the candidate's active participation in the implementation of security policies and procedures, the monitoring and analysis of security events and the maintenance of security tools. Other responsibilities are to identify, investigate and resolve any security threats, vulnerabilities and incidents. The candidate must keep up to date with the latest security trends, have excellent communication and problem-solving skills and have a deep understanding of security principles and technologies. The individual will have a functional role in mentoring other team members and share the off-hour support responsibilities.

Responsibilities:

• Review, analyze, and monitor security system reports and logs for suspicious activities, trends, and patterns. This includes web filters, mail gateways, firewalls, encryption systems, anti-malware systems, and IDS/IPS.
• Configure, maintain, and administer security products and solutions used within the firm.
• Configure, maintain, and administer firewalls, web proxy devices, data loss prevention systems, and security information event monitoring systems.
• As a member of the Incident Response Team, respond to alerts, warnings, incidents, and help desk tickets to minimize firm asset exposure under the direction of the IS Security Manager.
• Participate in troubleshooting efforts for all IT security-related problems, including managing and using TAM arrangements with specified security vendors.
• Serve as a technician/engineer on IS projects.
• Conduct risk and security reviews on products as directed by the IT Security Manager or IS management.
• Configure access control systems, assigning rights to appropriate resources for users, IS personnel, and vendors.
• Recommend controls to ensure appropriate protection levels and adherence to the overall information security strategy.
• Monitor IS security metrics, including security system logs, Windows server logs, and network monitoring systems.
• Administer systems and processes to monitor and reconcile system patch status and discovered vulnerabilities, managing metrics that provide patch and vulnerability status. Work with responsible groups inside and outside of IT to remediate.
• Provide consultation and conduct internal investigations that may require forensic analysis under the direction of the IT Security Manager and/or IS management.
• Respond to audit findings as directed by the IT Security Manager and/or IT Management.
• Evaluate and recommend commercial security vendors and products.
• Perform other duties as assigned or required.

Qualifications and Experience

• Bachelor's degree in Cybersecurity Engineering or Computer Sciences
• Strong professional experience in information security with a focus on security operations and technical support
• Strong Experience in Microsoft office Suite, iManage or others company technologies
• Experience with VPN, SSL and other encryption technologies
• Good knowledge of server, workstation, and Active Directory technologies that impact security controls
• Deep understanding of TCP/IP, DNS and common network services
• Experience with security frameworks and compliance requirements such as GDPR, ISO 27001, NIST 800 and PCI DSS.

If you believe you have the right skills, attitude and experience please click 'apply now' below and upload your resume. Alternatively, for a confidential chat, please contact Kevin Ng by applying directly to email  or reach out at

We apologies that only shortlisted candidates will be contacted.

At Lalamove, we believe in the power of community. Millions of drivers and customers use our technology every day to connect with one another and move things that matter. Delivery is what we do best and we ensure it is always fast and simple. Since 2013, we have tackled the logistics industry head on to find the most innovative solutions for the world's delivery needs. We are full steam ahead to make Lalamove synonymous with delivery and on a mission to impact as many local communities as we can. We have massively scaled our efforts across Asia and now have our sights on taking our best in class technology to the rest of the world. And we need your help to get us there

We're looking for a Senior Network and Security Analyst to join our growing cybersecurity team in Hong Kong. You'll be pivotal in supporting the growing anti-cyber arracks infrastructure and tools use in our upcoming new markets.

What you'll do:

• Perform security and network infrastructure deployment, maintenance, support and troubleshooting;
• Implement, and optimize cybersecurity solutions (e.g., SIEM, EDR, DLP, CVM, PAM, IAM) in an enterprise environment;
• Conduct vulnerability management operations, including scheduling regular scans for systems, network infrastructure, applications, and endpoints;
• Strengthen cybersecurity defenses, incident response readiness, and recovery procedures;
• Perform security and risk analyses, prepare incident reports for critical events, and present findings to management;
• Support security hardening initiatives, security alert configurations, and other technical implementations;

What you'll need:

• Bachelor's degree in Computer Science, IT, Cybersecurity, or a related field.
• Minimum 5 years of hands-on network and cybersecurity experience
• Technical Expertise in NGFW, WAF, IPS/IDS, NAC, EDR, anti-virus, and system/network hardening.
• Hands-on experience of SIEM & incident handling such as Elasticsearch
• Good knowledage on Linux, Windows, networking, and cloud platforms (AWS / Azure).
• Strong understanding of network security principles, including firewalls, SASE, IPS, , and encryption, Anti-DDoS platform such as Cloudflare and Akamai
• Certifications (Preferred) such as CISSP, CISM, CISA, OSCP, ITIL, CCSA, or equivalent.
• Excellent problem-solving abilities, teamwork, adaptability under pressure, and strong communication skills.
• Fluency in English; Chinese or Mandarin is a plus.

Born from Hong Kong's demand for fast, convenient, and reliable payment solutions, Octopus introduced the world's first contactless multi-modal transit payment system in 1997. Since then, this homegrown FinTech company has pioneered innovative payment solutions for urban living across four continents. Our Vision To become the most preferred payment and lifestyle companion that connects customers and business partners through our best-in-class products and services. Our Mission Making everyday life easier. Our Values Customer Centricity, Simplicity & Trustworthiness. Dedicated to addressing customer needs and adapting to evolving market trends, Octopus has broadened its services beyond transportation to encompass retail, e-commerce, cross-border transactions, and travel abroad. Today, we serve approximately 98% of Hong Kong's population, processing around 15 million transactions at more than HK$300 million on average daily. At the heart of our success are our colleagues. We value mutual respect, foster collaboration, and encourage innovation and partnership. Join us and shape the future of payment solutions. Your impact starts here

Job Responsibilities:

• Perform daily security operations tasks, including reviewing security events and logs and investigating phishing emails and websites
• Diagnosing and responding to security incidents
• Conducting secure code reviews
• Support the implementation of security initiatives to ensure the compliance with corporate information security policies and compliance standards
• Keep abreast of the latest technologies such as cloud computing and mobile devices, and the corresponding security challenges as well as control

Requirements:

• Degree holder in Information Security, IT, Computer Science or other related disciplines
• Minimum 3 years of work experience in IT security or equivalent; candidates with less experience will be considered as System Engineer
• Hands-on experience in Security Operation Centre (SOC) or equivalent to security event monitoring and investigation is a plus
• Hands-on experience in Security Source Code review
• Knowledge in deploying and supporting IT security infrastructures, such as firewall, IDS/IPS, web proxy security, email security, endpoint protection, vulnerability scanning, penetration test, SIEM, identity management, privileged access management and data encryption technologies
• Knowledgeable in TCP/IP, Linux/UNIX System Administration, and Windows System Administration
• Knowledge of Database Administration, Network Security, Mobile Technology, Cloud Security, Application Security, Active Directory Security and Virtualization Technology is preferred
• Knowledge of Core Java / C / C++ / Python is preferred
• Familiar with information security standards such as ISO27001 and HKMA C-RAF is a plus
• Good problem solving and trouble shooting skills
• Effective communication and interpersonal skills
• Able to work under pressure, self-motivated and good team player
• Passionate about technology and cyber security
• Holder of security certificates such as GIAC, CEH, OSCP, CISSP, CISA is preferred

We offer successful candidate an attractive remuneration package and excellent career prospects. Interested parties please send your resume, present and expected salary, contact details and quoting the reference number by clicking "Apply Now"

Visit our web site: 

The personal data collected will be used for recruitment purposes only. If you are not contacted by us within six weeks, you may consider your application unsuccessful. Personal data with an unsuccessful applicant will be destroyed 12 months after rejection of the application. During this retention period, you have the right to request for correction or destruction of your personal data at any time. Any request for the correction or destruction of personal data should be addressed in writing to our Human Resources & Administration Department.

Octopus is an equal opportunity employer and all employment decisions and Human Resources policies are administered; especially those relating to recruitment & selection, compensation & benefits, promotion & transfer, training & development and termination & redundancy; without discrimination on the basis of age, race, colour, religion,sex, national origin, marital status, pregnancy, physical and mental disability and family status but on genuine occupational qualification, job performance, employees' ability and internal/ external relativities.

Job Description:

• Minimum of 4 years of experience in information security or a similar role.
• Strong understanding of information security principles, standards, and best practices.
• General knowledge in industry regulations and framework such as NIST Cybersecurity Framework, ISO27001 or PCI DSS.
• Experience with security assessment tools and techniques.
• Knowledge in network and system security, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Relevant certifications such as CISSP, CISM, or CEH are desirable.

About Pure Software:

PureSoftware, a wholly owned subsidiary of Happiest Minds Technologies, is a global software products and digital services company. PureSoftware has been driving transformation for the world's top organizations across various industry verticals, including banking, financial services, and insurance, life sciences and healthcare, high tech and communications, retail and logistics, and gaming and entertainment. Arttha, from PureSoftware, is a globally trusted financial technology platform.

PureSoftware is Great Place to Work Certified in India for the third consecutive year

Job Purpose

You will be responsible for carrying out information security functions and activities for the Technology function.

Responsibilities

• Protect the confidentiality, integrity and availability of all assets and systems through monitoring, detection, and analysis activities
• Review and assess information security requests to determine compliance with organizational policies and standards.
• Prepare and present cybersecurity-related reports, highlighting risks, incidents, and remediation efforts.
• Facilitate the annual recertification process for user access and security controls.
• Collaborate with IT teams to implement security measures, and remediate the audit findings
• Participate in and manage security-related projects to enhance overall security posture.
• Support Information security team to develop and implement security policies, procedures and guidelines
• Validate information security controls effectiveness and agreed deliverables to assure security standards/plans are achieved.
• Review the current IT Security solution and Security Policy to identify potential gaps within the organisation
• Undertake monitoring of security controls and policy adherence in line with Bupa policies based on ISO27001 and NIST Cybersecurity
• Monitor the security controls for security breaches and investigate violations
• Conduct risk and vulnerability assessment at the network, system and application level, and assess resulting impact on risk

Qualifications, Training and Experience

• Relevant Bachelor's/Master's degree holder from a recognized university
• 3-5 years of relevant work experience on managing security technologies
• Work experience in cloud security solution experience (Wiz preferred)
• Work experience in web proxy / SASE solutions (Palo Alto Prisma SASE preferred)
• Work experience cloud platforms (Azure, GCP preferred)
• Experience in managing security solutions, such as Wiz, Palo Alto Prisma, Zscaler, MS Defender, Imperva, Cloudfare
• Scripting skills, such as Terraforms, MS PowerShell, Python
• Good communication skills and the ability to collaborate well with across departments
• Able to demonstrate a positive, logical, and proactive approach while executing the assigned tasks
• Certification holder in information security (CISSP, CISA, etc.) will be an advantage.
• Ability to prioritize work and design schedules to meet the desired requirements

Bupa offers 5 days' work per week and comprehensive remuneration packages including base salary, study assistance plan, company pension plan, life and medical benefit, dental benefit, annual leave, examination leave, etc.

Bupa is an equal opportunity employer and welcomes applications from qualified candidates. Information provided will be treated in strict confidence and only be used for consideration of application with Bupa.

Personal data collected will be used for recruitment purposes only. Bupa will be in touch for any opportunities that matches your profile. All personal data of unsuccessful application will be destroyed 24 months from the date of receiving the application. Full version of Data Privacy Notice available upon request.