215 Information Security Manager jobs in Hong Kong

Join to apply for the Information Security Manager role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established organization within the financial services sector. With a large workforce and a solid market presence in Hong Kong, they are committed to maintaining high standards in technology and information security.

As a 'Manager, Information Security,' your main responsibilities will include:

• Overseeing the implementation and maintenance of the bank's information security systems.
• Conducting regular audits and risk assessments to ensure adherence to security protocols.
• Developing and implementing information security policies and procedures.
• Training and mentoring staff on information security best practices.
• Conducting cybersecurity assessments, including penetration testing and infrastructure/web application reviews.
• Managing and maintaining security systems such as firewalls, NAC, IPS, and SIEM.
• Leading and coordinating information security projects across departments.
• Managing incident responses and investigations into security breaches.
• Staying updated on the latest trends and developments in information security.
• Reporting on the status of information security to senior management.

A Successful 'Manager, Information Security' Should Have

• A degree in Computer Science, Information Security, or a related field.
• Proven experience in a managerial role within the field of information security.
• Familiarity with information security regulations and standards in the financial services industry.
• Exceptional leadership and communication skills.
• The ability to handle sensitive information with discretion and integrity.

• A competitive salary in the range of HKD 648,000 - HKD 792,000 per annum.
• Standard benefits package.
• The chance to work in a fast-paced, technology-driven environment within the financial services industry.
• Opportunities for career progression and professional development.
• A supportive and collaborative company culture.

We encourage all candidates who believe they can fulfill these responsibilities and possess the necessary qualifications and skills to apply. This is a fantastic opportunity to join a leading financial organization in Hong Kong and make a significant impact in the field of Information Security.

Contact: Alexis Wee

Quote job ref: JN-052025-6742617

• Mid-Senior level

• Full-time

• Information Technology and Engineering

• Financial Services, Accounting, and Banking

Join to apply for the Insurance - Information Security Manager role at Michael Page

1 day ago Be among the first 25 applicants

Join to apply for the Insurance - Information Security Manager role at Michael Page

About Our Client

The hiring company is a large organization within the insurance industry, known for its strong market presence and commitment to innovation. The company offers a collaborative environment and focuses on delivering high-quality services to its clients in Hong Kong.

• Strategic Impact
• Professional Growth
  
  
  

• Deliver expert guidance on security matters related to solution design, business initiatives, and general security inquiries.
• Create and update documentation for security policies and procedures, ensuring consistency with corporate security frameworks and standards.
• Perform risk evaluations on technology implementations and security controls to uncover vulnerabilities and propose mitigation strategies. Maintain a risk log and communicate potential impacts to relevant stakeholders.
• Lead and manage end-to-end security assessments and ISO compliance audits.
• Assist with external audit and regulatory compliance activities, and formulate action plans to address any identified gaps.
• Supervise the handling of security incidents, supporting frontline teams to ensure prompt identification, response, and resolution.
• Regularly assess and refine security policies and operational workflows to strengthen control measures.
• Compile and present security reports to the Chief Security Officer and senior leadership.
  
  
  

• Minimum of 5 years' experience in cybersecurity, risk management, or a related discipline.
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a similar field.
• Proven success in driving and executing effective security programs and initiatives.
• Strong analytical skills with the ability to navigate complex business environments and work independently.
• Exceptional communication and presentation abilities, capable of translating technical security concepts into business-friendly language.
• Experience in a global or multinational corporate setting is preferred.
• Proficiency in English, both spoken and written.
• Possession of relevant certifications such as CISSP, CISA, OSCP, CEH, ISO 27001, NIST, or equivalent is advantageous.
  
  
  

• Competitive annual salary in the range of HKD 660,000 to HKD 816,000.
• Opportunity to work in a large organization within the insurance industry with a focus on innovation.
• Collaborative company culture that values professional growth and development.
  
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology and Engineering
• Industries Insurance, Financial Services, and Capital Markets

Referrals increase your chances of interviewing at Michael Page by 2x

Get notified about new Information Security Manager jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 1 week ago

Kwun Tong District, Hong Kong SAR 2 months ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Kwai Tsing District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Insurance - Information Security Manager role at Michael Page

1 day ago Be among the first 25 applicants

Join to apply for the Insurance - Information Security Manager role at Michael Page

About Our Client
The hiring company is a large organization within the insurance industry, known for its strong market presence and commitment to innovation. The company offers a collaborative environment and focuses on delivering high-quality services to its clients in Hong Kong.

• Strategic Impact
• Professional Growth
  

• Deliver expert guidance on security matters related to solution design, business initiatives, and general security inquiries.
• Create and update documentation for security policies and procedures, ensuring consistency with corporate security frameworks and standards.
• Perform risk evaluations on technology implementations and security controls to uncover vulnerabilities and propose mitigation strategies. Maintain a risk log and communicate potential impacts to relevant stakeholders.
• Lead and manage end-to-end security assessments and ISO compliance audits.
• Assist with external audit and regulatory compliance activities, and formulate action plans to address any identified gaps.
• Supervise the handling of security incidents, supporting frontline teams to ensure prompt identification, response, and resolution.
• Regularly assess and refine security policies and operational workflows to strengthen control measures.
• Compile and present security reports to the Chief Security Officer and senior leadership.
  

• Minimum of 5 years' experience in cybersecurity, risk management, or a related discipline.
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a similar field.
• Proven success in driving and executing effective security programs and initiatives.
• Strong analytical skills with the ability to navigate complex business environments and work independently.
• Exceptional communication and presentation abilities, capable of translating technical security concepts into business-friendly language.
• Experience in a global or multinational corporate setting is preferred.
• Proficiency in English, both spoken and written.
• Possession of relevant certifications such as CISSP, CISA, OSCP, CEH, ISO 27001, NIST, or equivalent is advantageous.
  

• Competitive annual salary in the range of HKD 660,000 to HKD 816,000.
• Opportunity to work in a large organization within the insurance industry with a focus on innovation.
• Collaborative company culture that values professional growth and development.
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology and Engineering
• Industries Insurance, Financial Services, and Capital Markets

Referrals increase your chances of interviewing at Michael Page by 2x

Get notified about new Information Security Manager jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 1 week ago

Kwun Tong District, Hong Kong SAR 2 months ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Kwai Tsing District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

About Dah Sing Group
The Dah Sing Group is a leading financial services group in Hong Kong offering banking, insurance, financial and other related services through its growing network of over 70 branches in Hong Kong, Macau and Mainland China.
Our currency is caring, teamwork and progressiveness. We accept that everyone is unique and different in talent, but alike in the capacity for growth. Our task is to shape a culture that creates a sense of pride in achieving something beyond just a job, and an environment where you can be your true and authentic self, like at home.



Job Purpose:


Reporting to the Head of Information Security to support delivering information security services and carrying out information security related activities.



Job Description of the position:


• Conduct cyber security testing covering penetration test, Infra and Web Manage security tools
• Manage network security system covering firewall, NAC, IPS, SIEM and etc.
• Act as project manager role on Information security projects.
• Support and Analyze cybersecurity incidents and make recommendations on remedial actions.
• Define and design adequate security controls to maintain secure control environment.
• Provide security advisory service to stakeholders on new initiatives and development projects.
• Implement systems and procedures to enable digital forensics capabilities
• Maintain Cyber Incident Response plan and playbook. Conduct cyber incident response drill in regular basis.



Incumbent Requirements:


• University graduate in Computer Science / Information Technology or equivalent.
• Minimum 6 years of relevant work experience in information security, cybersecurity or technology risk
• Possess one or more professional certificates : OCSP, CISSP, CISM, CCSP, CISA
• Solid experience on penetration test, red/blue team exercise and network security including firewall, NAC, IPS.
• Sound knowledge of regulators' requirement on Cyber Resilience Assessment Framework (CRAF)
• Sound knowledge of vulnerability management and threat intelligence analysis.
• Strong communication in both Chinese and English; Good communication and interpersonal skills.
• Mature, independent and able to deliver quality results under tight schedule.


Please note that only shortlisted candidates will be notified.

2 days ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

We are seeking a highly skilled Governance, Risk, and Compliance (GRC) Manager / (Senior) Specialist to join our cybersecurity team. The ideal candidate will be responsible for developing and overseeing the organization’s cybersecurity governance framework, managing risks, and ensuring compliance with regulatory and industry standards.

Responsibilities

• Develop, implement, and maintain the GRC framework, including policies, standards, and procedures to ensure compliance with regulations and industry best practices.
• Conduct risk assessments and gap analyses to identify and prioritize cybersecurity risks. Collaborate with stakeholders to develop and track risk mitigation plans.
• Lead compliance efforts for standards such as PCI DSS, ISO 27001, NIST, GDPR, and other relevant frameworks such as CRFA, CI Bill. Coordinate audits and prepare reports for internal and external stakeholders. Strong experience in PCI DSS is highly desirable.
• Provide guidance to business units and IT teams on compliance requirements and risk management strategies.
• Monitor and report on GRC program effectiveness, including key risk indicators (KRIs) and compliance metrics. Deliver regular updates to senior management.
• Perform other cybersecurity duties as directed by supervisor.

Requirements

• Degree holders with a keen interest in cybersecurity, risk management, or compliance.
• Minimum 10 years’ experience in technology or risk management industries, with at least 5 years in GRC or related security roles.
• Self-motivated and able to work independently. Strong project management, analytical, and interpersonal skills.
• Good command of written and spoken English and Chinese.
• Certification in cybersecurity or GRC, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), preferred.
• Hands-on experience with GRC platforms and compliance frameworks (e.g., PCI DSS, ISO 27001, CRAF, CI Bill) is highly preferred.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Technology, Information and Media

Referrals increase your chances of interviewing at HKT by 2x

Wan Chai District, Hong Kong SAR 6 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

2 days ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

We are seeking a highly skilled Governance, Risk, and Compliance (GRC) Manager / (Senior) Specialist to join our cybersecurity team. The ideal candidate will be responsible for developing and overseeing the organization’s cybersecurity governance framework, managing risks, and ensuring compliance with regulatory and industry standards.

Responsibilities

• Develop, implement, and maintain the GRC framework, including policies, standards, and procedures to ensure compliance with regulations and industry best practices.
• Conduct risk assessments and gap analyses to identify and prioritize cybersecurity risks. Collaborate with stakeholders to develop and track risk mitigation plans.
• Lead compliance efforts for standards such as PCI DSS, ISO 27001, NIST, GDPR, and other relevant frameworks such as CRFA, CI Bill. Coordinate audits and prepare reports for internal and external stakeholders. Strong experience in PCI DSS is highly desirable.
• Provide guidance to business units and IT teams on compliance requirements and risk management strategies.
• Monitor and report on GRC program effectiveness, including key risk indicators (KRIs) and compliance metrics. Deliver regular updates to senior management.
• Perform other cybersecurity duties as directed by supervisor.

Requirements

• Degree holders with a keen interest in cybersecurity, risk management, or compliance.
• Minimum 10 years’ experience in technology or risk management industries, with at least 5 years in GRC or related security roles.
• Self-motivated and able to work independently. Strong project management, analytical, and interpersonal skills.
• Good command of written and spoken English and Chinese.
• Certification in cybersecurity or GRC, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), preferred.
• Hands-on experience with GRC platforms and compliance frameworks (e.g., PCI DSS, ISO 27001, CRAF, CI Bill) is highly preferred.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Technology, Information and Media

Referrals increase your chances of interviewing at HKT by 2x

Wan Chai District, Hong Kong SAR 6 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Risk Management Specialist role at Canonical

Join to apply for the Security Risk Management Specialist role at Canonical

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do.

To support this we need to use industry best practices paired with emerging threat information to to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

What you will do in this role:

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.
  
  

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology
  
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Finance and Sales
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Risk Management Specialist role at Canonical

Join to apply for the Security Risk Management Specialist role at Canonical

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do.
To support this we need to use industry best practices paired with emerging threat information to to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.
The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.
What you will do in this role:

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.
  

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  

• Seniority level Entry level

• Employment type Full-time

• Job function Finance and Sales
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Analyst, Retail Business Risk Management, Risk Management role at BOCI .

Get AI-powered advice on this job and more exclusive features.

• Assist in the preparation and implementation of risk management policies and guidelines to ensure adequate control is performed;
• Communicate with Business departments, prepare credit analysis for management approval;
• Perform margin ratio review for securities and annual review for client limits;
• Enforce the daily margin call, risk control, risk reporting, Head Office reporting;
• Other duties as directed by superiors.

• Degree in Risk Management, Banking & Finance, Economics, Law, Business Administration, Accounting, Statistics or related disciplines;
• Minimum 1 year of relevant experience in credit control and monitoring;
• Strong organizational, communication, and interpersonal skills;
• Proficiency in English & Chinese; knowledge of written Chinese (Traditional and Simplified) and fluent Mandarin is an advantage;
• Strong data analytical skills, proficiency in Microsoft Excel, VBA, and Office applications.

• Please apply with full resume, academic record, current and expected salaries in confidence;
• Your data will be used solely for recruitment purposes; unsuccessful candidates' data will be destroyed within 24 months;
• Candidates with ECF should specify this on the CV.

As a leading investment bank in China and Hong Kong, BOCI is the investment banking arm of Bank of China. We seek highly motivated, creative, and success-oriented professionals to join our team.

• Seniority level: Entry level
• Employment type: Full-time
• Job function: Other
• Industry: Investment Banking