What Jobs are available for Information Security Leadership in Hong Kong?

Develops and leads one or more of the following highly technical and specialized areas within information security: Security Engineering, Security Architecture, Forensics Analysis, Threat Analysis, Threat Hunting and Penetration Testing. Manages the development, deployment and execution of enterprise security controls and defenses. Monitors, analyzes and exploits system vulnerabilities to detect potential threats. Executes containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence. Determines risk and exposure from security breaches and resolves incidents while providing guidance to business decision-makers.

• Tracks and supports the delivery of information security solutions. Manages the tactical activities of installing and configuring of security systems, software and applications. Coordinates responses to intrusions and provide remediation guidance and support.
• Coordinates resources on highly complex development projects including approval of design specifications and scope. Provides input to short-term security technology roadmaps regarding applicability of new technologies. Disseminates updates to InfoSec Architectural policies, standards and guidelines to team members.
• Reviews forensic investigations and analysis of reported cyber incidents to evaluate root cause vectors and necessary control measures needed to prevent future occurrence. Implements appropriate countermeasures to recover deleted, hidden or lost user data.
• Coordinates research and analysis of threat actor profiles and associated indicators to detect potential threats. Implements recommended actions and security tools to identify, monitor and mitigate attacks. Coordinates with external security organizations to exchange threat intelligence.
• Coordinates complex threat assessment to evaluate incident impact and risk exposure. Reviews cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies), and draws conclusions on possible implications or applicability. Guides the threat intelligence collection process to enhance analytical capabilities.
• Manages execution of penetration testing activities on core systems. Articulates the outcome of stimulated attacks and underlying security issues or system weaknesses. Recommends and institutes remediation techniques or improvements to protect and maintain security frameworks and controls.
• Supports the evaluation and selection of security applications and systems. Manages the implementation of access control defenses. Provides quality review on the evaluation and documentation of team procedures. Manages development, deployment and support activities for multiple critical security technologies to include problem resolution and management, application maintenance, project requests and system enhancements.
• Not an exhaustive list; other duties as assigned.

Minimum Qualifications

• Bachelor's Degree. Relevant Experience or Degree in: Information Security or Computer Science preferred. Other majors will be considered.
• Typically a minimum of 6 years experience.
• related professional experience and prefer a minimum of 1-2 years experience in a supervisory position.
• One or more of the following-CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, CGEIT, Certified Forensic Computer Examiner (CFCE), Certified Cyber Threat Analyst (CCTA), Certified Computer Examiner (CCE)

Preferred Qualifications

• Prior payment or technology industry experience is preferred.
• Master's Degree in a related field of study from an accredited university.

*Purpose of the Job *
The Information Security Manager will be responsible for developing and implementing information security strategies, policies, and procedures to protect our organization from cyber threats and ensure compliance with relevant regulations. He/she will work closely with information security service partners to protect our company from any form of information security and data breach.

Responsibilities

• Develop and implement information security strategies, policies, and procedures that align with the organization's business objectives and regulatory requirements.
• Monitor internal and external policy compliance. He/she will ensure both our vendors and employees understand our cybersecurity risk management policies operate within that framework.
• Design and implement security controls to protect data and systems from unauthorized access, modification, or destruction.
• Work with security vendors to conduct regular risk assessments and vulnerability assessments to identify potential threats and vulnerabilities in the organization's systems, networks, and applications.
• Implement and oversee technological upgrades, improvements and major changes to the information security environment.
• Oversee information security audits, whether by performed by organization or third-party personnel.
• Serve as a focal point of contact for the information security team and the customer or organization.
• Communicate information security goals and new programs effectively with other department managers within the organization.
• Plan and execute security awareness and training programs to promote a culture of security awareness across the organization.
• Manage security incidents and investigations, including identifying, containing, and resolving security incidents in a timely and effective manner.
• Collaborate with internal stakeholders to ensure compliance with relevant laws, regulations, and industry standards.
• Maintain up-to-date knowledge of the latest trends, technologies, and best practices in information security.
• Leverage Global/Regional best practices and security solutions.
• Develop and manage security budgets, contracts, and vendor relationships.

Requirements

• Bachelor's degree in Computer Science, Information Technology, or related field.
• At least 5 years of experience in information security management.
• Strong knowledge of security frameworks, standards, and regulations (e.g., ISO 27001, NIST CSF, GDPR, HIPAA).
• Experience with vulnerability assessment tools, penetration testing tools, and security incident response tools.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with internal and external stakeholders.
• Strong analytical and problem-solving skills.
• Relevant certifications such as CISSP, CISM, or CISA are preferred.
• Strong oral, verbal and written communication skills in English, Cantonese & Mandarin

Summary
Description
Summary of This Role
Develops and leads one or more of the following highly technical and specialized areas within information security: Security Engineering, Security Architecture, Forensics Analysis, Threat Analysis, Threat Hunting and Penetration Testing. Manages the development, deployment and execution of enterprise security controls and defenses. Monitors, analyzes and exploits system vulnerabilities to detect potential threats. Executes containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence. Determines risk and exposure from security breaches and resolves incidents while providing guidance to business decision-makers.

What Part Will You Play?

• Tracks and supports the delivery of information security solutions. Manages the tactical activities of installing and configuring of security systems, software and applications. Coordinates responses to intrusions and provide remediation guidance and support.
• Coordinates resources on highly complex development projects including approval of design specifications and scope. Provides input to short-term security technology roadmaps regarding applicability of new technologies. Disseminates updates to InfoSec Architectural policies, standards and guidelines to team members.
• Reviews forensic investigations and analysis of reported cyber incidents to evaluate root cause vectors and necessary control measures needed to prevent future occurrence. Implements appropriate countermeasures to recover deleted, hidden or lost user data.
• Coordinates research and analysis of threat actor profiles and associated indicators to detect potential threats. Implements recommended actions and security tools to identify, monitor and mitigate attacks. Coordinates with external security organizations to exchange threat intelligence.
• Coordinates complex threat assessment to evaluate incident impact and risk exposure. Reviews cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies), and draws conclusions on possible implications or applicability. Guides the threat intelligence collection process to enhance analytical capabilities.
• Manages execution of penetration testing activities on core systems. Articulates the outcome of stimulated attacks and underlying security issues or system weaknesses. Recommends and institutes remediation techniques or improvements to protect and maintain security frameworks and controls.
• Supports the evaluation and selection of security applications and systems. Manages the implementation of access control defenses. Provides quality review on the evaluation and documentation of team procedures. Manages development, deployment and support activities for multiple critical security technologies to include problem resolution and management, application maintenance, project requests and system enhancements.
• Not an exhaustive list; other duties as assigned.

What Are We Looking For in This Role?
Minimum Qualifications

• Bachelor's Degree
• Relevant Experience or Degree in: Information Security or Computer Science preferred. Other majors will be considered.
• Typically a minimum of 6 years
• related professional experience and prefer a minimum of 1-2 years experience in a supervisory position.
• One or more of the following-CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, CGEIT, Certified Forensic Computer Examiner (CFCE), Certified Cyber Threat Analyst (CCTA), Certified Computer Examiner (CCE)

Preferred Qualifications

• Prior Global Payments, payment or technology industry experience is preferred.
• Master's Degree in a related field of study from an accredited university.

What Are Our Desired Skills and Capabilities?
None Identified

Information Security, Cybersecurity

We are seeking a seasoned professional to join our client, a leading financial institution, as an

Information Security & Technology Risk Manager. This role offers a unique opportunity to drive strategic risk initiatives and strengthen the organization's cyber resilience.

Key Responsibilities

• Lead and manage the implementation of information security and technology risk frameworks across the organization.
• Conduct risk assessments, identify vulnerabilities, and recommend mitigation strategies.
• Collaborate with IT, compliance, and business units to ensure alignment with regulatory requirements and internal policies.
• Monitor emerging threats and trends, and proactively enhance security controls.
• Support internal and external audits, regulatory inspections, and incident response activities.

Requirements

• Bachelor's degree in Information Security, Computer Science, or related discipline.
• Minimum 5 years of experience in technology risk, cybersecurity, or IT audit within banking or financial services.
• Strong understanding of regulatory requirements (e.g., HKMA, MAS, GDPR) and industry standards (e.g., ISO 27001, NIST).
• Excellent communication and stakeholder management skills.
• Professional certifications (e.g., CISM, CISSP, CRISC) are highly preferred.

What you need to do now

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV.

General Job Scope:

Strengthening Identity and Access Management (IAM) governance, overseeing vulnerability management practices, and supporting the implementation of security controls to protect critical assets and data.

• Lead the execution of information security projects, including IAM enhancements and vulnerability remediation initiatives.
• Improve the awareness of the senior management, business users and IT professional on the technology threat the company is facing and more sensitive on protecting customers' interest and privacy.
• Maintain up-to-date knowledge of information security policies, standards, and guidelines, and ensure their effective implementation in local applications to safeguard the integrity, confidentiality, and availability of IT systems and data across the organization.
• Maintain effective communication and influential partnership with strategic key stakeholders.
• Upgrade information security level with the alignment to company standards and guidelines and develop technology governance programmes to uplift company's technology resilience level.
• Address business disruption or service outage proactively and prevent from re-occurrence.
• Establish and maintain processes to identify technology risks and potential breaches, ensuring continuous protection of assets and information.
• Conduct IAM operations and reviews to ensure proper access provisioning, role-based access control, and periodic access certifications in alignment with compliance and audit requirements.
• Oversee vulnerability management activities, including regular scanning, risk assessment, prioritization, and coordination of remediation efforts with relevant teams.
• Drive improvements in security assessment practices, including application and infrastructure reviews, and recommend actionable enhancements.
• Consolidate and track remediation progress for audit findings, with a focus on IAM and vulnerability-related issues, ensuring timely closure and compliance.
• Govern regular assessments of applications and systems, and provide recommendations to strengthen security posture and reduce risk exposure.
• Require to obtain relevant licence(s) if the job involves regulated activities.

Requirements

• Bachelor's degree in Computer Science, Information Systems, or related disciplines preferred.
• 7-10 years of experience in information security governance or related control functions within the financial sector.
• An influencer and facilitator; able to build strong interpersonal relationships, and inform, guide and motivate stakeholders and technology experts at different levels to address risks with due care and attention to detail.
• Strong communication skills; able to explain risks that are often complex and obscure to non-specialists; a good listener who can understand stakeholders' concerns;Hands-on experience in developing scripts or tools using Python to support security automation, data analysis, or process improvement.
• Strong understanding of IAM principles and vulnerability management practices.
• Prior experience in IT risk control, audit, or project management is an advantage.
• Ability to work independently and manage tasks under tight deadlines.

General Job Scope:

Strengthening Identity and Access Management (IAM) governance, overseeing vulnerability management practices, and supporting the implementation of security controls to protect critical assets and data.

• Lead the execution of information security projects, including IAM enhancements and vulnerability remediation initiatives.
• Improve the awareness of the senior management, business users and IT professional on the technology threat the company is facing and more sensitive on protecting customers' interest and privacy.
• Maintain up-to-date knowledge of information security policies, standards, and guidelines, and ensure their effective implementation in local applications to safeguard the integrity, confidentiality, and availability of IT systems and data across the organization.
• Maintain effective communication and influential partnership with strategic key stakeholders.
• Upgrade information security level with the alignment to company standards and guidelines and develop technology governance programmes to uplift company's technology resilience level.
• Address business disruption or service outage proactively and prevent from re-occurrence.

• Establish and maintain processes to identify technology risks and potential breaches, ensuring continuous protection of assets and information.

• Conduct IAM operations and reviews to ensure proper access provisioning, role-based access control, and periodic access certifications in alignment with compliance and audit requirements.

• Oversee vulnerability management activities, including regular scanning, risk assessment, prioritization, and coordination of remediation efforts with relevant teams.
• Drive improvements in security assessment practices, including application and infrastructure reviews, and recommend actionable enhancements.
• Consolidate and track remediation progress for audit findings, with a focus on IAM and vulnerability-related issues, ensuring timely closure and compliance.
• Govern regular assessments of applications and systems, and provide recommendations to strengthen security posture and reduce risk exposure.
• Require to obtain relevant licence(s) if the job involves regulated activities.

Requirements

• Bachelor's degree in Computer Science, Information Systems, or related disciplines preferred.
• 7-10 years of experience in information security governance or related control functions within the financial sector.
• An influencer and facilitator; able to build strong interpersonal relationships, and inform, guide and motivate stakeholders and technology experts at different levels to address risks with due care and attention to detail.
• Strong communication skills; able to explain risks that are often complex and obscure to non-specialists; a good listener who can understand stakeholders' concerns;Hands-on experience in developing scripts or tools using Python to support security automation, data analysis, or process improvement.
• Strong understanding of IAM principles and vulnerability management practices.
• Prior experience in IT risk control, audit, or project management is an advantage.
• Ability to work independently and manage tasks under tight deadlines.

About Dah Sing Group
The Dah Sing Group is a leading financial services group in Hong Kong offering banking, insurance, financial and other related services through its growing network of over 70 branches in Hong Kong, Macau and Mainland China.
Our currency is caring, teamwork and progressiveness. We accept that everyone is unique and different in talent, but alike in the capacity for growth. Our task is to shape a culture that creates a sense of pride in achieving something beyond just a job, and an environment where you can be your true and authentic self, like at home.



Job Purpose:
Assist Head of Information Security to ensure adequate and effective controls are in place.



Main Responsibilities:
• Support security tools including network firewall, DLP, SIEM, vulnerability scanning,
• micro-segmentation
• Review the firewall rule change requests; conduct the modification or reject if the request
• may expose the Group to unacceptable risk
• Act as project manager role on information security projects
• Provide technical guidance to systems and network team regarding security configurations
• Analyse cybersecurity incidents and make recommendations on remedial actions.
• Define and design adequate security controls to maintain secure control environment.
• Conduct regular security assessment on systems, network and IT infrastructure
• Provide security advisory service to stakeholders on new initiatives and development
• projects.
• Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill
• in regular basis.
• Monitor and govern external service providers, including both outsourcing service
• providers and connected third parties, to deliver the services as per the Group's security
• requirements.



Incumbent Requirements:
• Minimum 6 years of relevant work experience in technology risk, information security
• and cybersecurity
• University graduate in Computer Science / Information Technology or equivalent.
• One or more certificates listed below:
- ISC2 Certified Information Security Professional (CISSP)
- ISACA Certified Information System Auditor (CISA)
- ISACA Certified Information Security Manager (CISM)
- ISC2 Certified Cloud Security Professional (CCSP)
• Good knowledge in cybersecurity, Intrusion Detection/Prevention System and
• application security of finance/banking systems, in particular hands on experience in
• firewall management
• Experience in regulators' requirement on technology risk management including the
• Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls
• Framework of SWIFT
• Strong information security sense in relation to business requirements
• Mature, independent and able to deliver quality results under tight schedule


Please note that only shortlisted candidates will be notified.

Security Manager (On-Site Commander) — Kowloon District

We are seeking an experienced and dynamic professional to serve as the on-site commander and strategic lead for a major security operation in Kowloon. This pivotal leadership role represents our contractor and assumes full command responsibility for managing, planning, and supervising a comprehensive security team within a prestigious campus environment.

Key Responsibilities

Exercise full command of the on-site security operation, maintaining close liaison with the Security Control Center.

Lead, manage, and discipline a large team of 100+ security personnel.

Conduct daily patrols and integrity checks to ensure site safety and operational readiness.

Develop and implement strategic security plans, conduct risk assessments, and direct tactical staff deployment.

Lead complex incident investigations and compile comprehensive reports.

Design and deliver professional training programs covering technical, disciplinary, and physical aspects of security work.

Provide expert strategic advice on security and risk management to the client's Head of Security.

Oversee duty rostering and ensure precise maintenance of all security records and documentation.

Requirements

Proven leadership experience: Minimum 5 years in a full-time supervisory role managing at least 100 security personnel at a large commercial or institutional site; OR 10 years' service in a disciplinary/law enforcement agency with equivalent large-site command experience.

Holder of a recognized Hong Kong degree or completion of formal disciplinary/law enforcement pre-employment training.

Fully proficient in English, Cantonese, and Putonghua, with strong verbal, written, and reading skills.

Demonstrated competence in training, case investigation, strategic planning, and risk assessment.

Exemplary integrity, discipline, professionalism, and physical fitness, with a verifiable employment history.

Must possess a valid Hong Kong Driving License (Class 1 & 2) with a clean driving record for the past 3 years.

工作類型: 全職, 長工

薪酬: 每月 $45,000.00 起

福利:

• 在職專業培訓
• 有薪年假

Work Location: 親身到場

About Us

Find Your Shangri-La in Shangri-La.

Headquartered in Hong Kong SAR, Shangri-La Group has grown from a single hotel business to a diverse and integrated global portfolio comprising quality real estate and investment properties, wellness and lifestyle facilities.

Today, the Group owns, operates and manages 100+ hotels under our family of five brands: Shangri-La Hotels & Resorts, Shangri-La Signatures, Kerry Hotels, JEN by Shangri-La, and Traders.

Luxury 5-Star Hotel in Hong Kong | Island Shangri-La

About the Role

As a Security Manager, you will be ensuring smooth daily operations of the Security Department, safeguarding hotel assets and managing manpower for special events.

Key Responsibilities

• Assist Director of Security in planning, organizing, supervising staff and quality controls in the Security Department.
• Manage duty rosters, leave requests and manpower planning for special events and VIP functions.
• Attend all necessary meetings and disseminate all relevant information obtained to Shifts Supervisors, ensuring the team maintain crime awareness and protection of Hotel assets.
• Handle incident reports, accident reports, E-log reports and maintenance records in line with prescribed format and standards.
• Deliver security training to team members and other Departments.
• Perform any other duties as assigned by Management.

About You

• Diploma or certificate in Security Management with valid Security Personnel Permit and driving license.
• At least 5 years of experience, including 3 years of supervisory experience in the Hotel or Security Industry.
• Strong risk assessment and independent operational capabilities; familiar with access control, alarm monitoring, and CCTV systems.
• Strong leadership, organizational and communication skills.
• Good command of spoken and written English and Chinese.

Why Join Us

• A workplace that values your passion and supports self-realization and personal growth.
• Structured learning and development pathways with real opportunities to advance your professional craft and leadership skills.
• Competitive benefits, recognition programs, and colleague stay/travel perks that reward your contribution and dedication.
• Teams that promote inclusion and respect, value diversity, and foster a secure environment where everyone can thrive.

We are an equal opportunity employer. Applications from all qualified candidates are welcomed. All information provided by applicants will be treated in and used only for recruitment purposes.

We appreciate your interest in joining us. Please note that only successful candidates will be contacted.