167 Information Security Manager jobs in Hong Kong

Join to apply for the Information Security Manager role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established organization within the financial services sector. With a large workforce and a solid market presence in Hong Kong, they are committed to maintaining high standards in technology and information security.

As a 'Manager, Information Security,' your main responsibilities will include:

• Overseeing the implementation and maintenance of the

Join to apply for the Information Security Manager role at Global Payments Inc. .

Develops and leads one or more of the following highly technical and specialized areas within information security: Security Engineering, Security Architecture, Forensics Analysis, Threat Analysis, Threat Hunting and Penetration Testing. Manages the development, deployment and execution of enterprise security controls and defenses. Monitors, analyzes and exploits system vulnerabilities to detect potential threats. Executes containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence. Determines risk and exposure from security breaches and resolves incidents while providing guidance to business decision-makers.

• Tracks and supports the delivery of information security solutions. Manages the tactical activities of installing and configuring security systems, software and applications. Coordinates responses to intrusions and provide remediation guidance and support.
• Coordinates resources on highly complex development projects including approval of design specifications and scope. Provides input to short-term security technology roadmaps regarding applicability of new technologies. Disseminates updates to InfoSec Architectural policies, standards and guidelines to team members.
• Reviews forensic investigations and analysis of reported cyber incidents to evaluate root cause vectors and necessary control measures needed to prevent future occurrence. Implements appropriate countermeasures to recover deleted, hidden or lost user data.
• Coordinates research and analysis of threat actor profiles and associated indicators to detect potential threats. Implements recommended actions and security tools to identify, monitor and mitigate attacks. Coordinates with external security organizations to exchange threat intelligence.
• Coordinates complex threat assessment to evaluate incident impact and risk exposure. Reviews cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies), and draws conclusions on possible implications or applicability. Guides the threat intelligence collection process to enhance analytical capabilities.
• Manages execution of penetration testing activities on core systems. Articulates the outcome of stimulated attacks and underlying security issues or system weaknesses. Recommends and institutes remediation techniques or improvements to protect and maintain security frameworks and controls.
• Supports the evaluation and selection of security applications and systems. Manages the implementation of access control defenses. Provides quality review on the evaluation and documentation of team procedures. Manages development, deployment and support activities for multiple critical security technologies to include problem resolution and management, application maintenance, project requests and system enhancements.
• Not an exhaustive list; other duties as assigned.

• Bachelor's Degree
• Relevant Experience or Degree in: Information Security or Computer Science preferred. Other majors will be considered.
• Typically a minimum of 6 years
• Related professional experience and prefer a minimum of 1-2 years experience in a supervisory position.
• One or more of the following-CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, CGEIT, Certified Forensic Computer Examiner (CFCE), Certified Cyber Threat Analyst (CCTA), Certified Computer Examiner (CCE)

• Prior Global Payments,

Join to apply for the Insurance - Information Security Manager role at Michael Page

1 day ago Be among the first 25 applicants

Join to apply for the Insurance - Information Security Manager role at Michael Page

About Our Client

The hiring company is a large organization within the insurance industry, known for its strong market presence and commitment to innovation. The company offers a collaborative environment and focuses on delivering high-quality services to its clients in Hong Kong.

• Strategic Impact
• Professional Growth
  
  
  

• Deliver expert guidance on security matters related to solution design, business initiatives, and general security inquiries.
• Create and update documentation for security policies and procedures, ensuring consistency with corporate security frameworks and standards.
• Perform risk evaluations on technology implementations and security controls to uncover vulnerabilities and propose mitigation strategies. Maintain a risk log and communicate potential impacts to relevant stakeholders.
• Lead and manage end-to-end security assessments and ISO compliance audits.
• Assist with external audit and regulatory compliance activities, and formulate action plans to address any identified gaps.
• Supervise the handling of security incidents, supporting frontline teams to ensure prompt identification, response, and resolution.
• Regularly assess and refine security policies and operational workflows to strengthen control measures.
• Compile and present security reports to the Chief Security Officer and senior leadership.
  
  
  

• Minimum of 5 years' experience in cybersecurity, risk management, or a related discipline.
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a similar field.
• Proven success in driving and executing effective security programs and initiatives.
• Strong analytical skills with the ability to navigate complex business environments and work independently.
• Exceptional communication and presentation abilities, capable of translating technical security concepts into business-friendly language.
• Experience in a global or multinational corporate setting is preferred.
• Proficiency in English, both spoken and written.
• Possession of relevant certifications such as CISSP, CISA, OSCP, CEH, ISO 27001, NIST, or equivalent is advantageous.
  
  
  

• Competitive annual salary in the range of HKD 660,000 to HKD 816,000.
• Opportunity to work in a large organization within the insurance industry with a focus on innovation.
• Collaborative company culture that values professional growth and development.
  
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology and Engineering
• Industries Insurance, Financial Services, and Capital Markets

Referrals increase your chances of interviewing at Michael Page by 2x

Get notified about new Information Security Manager jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 1 week ago

Kwun Tong District, Hong Kong SAR 2 months ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Kwai Tsing District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Insurance - Information Security Manager role at Michael Page

1 day ago Be among the first 25 applicants

Join to apply for the Insurance - Information Security Manager role at Michael Page

About Our Client
The hiring company is a large organization within the insurance industry, known for its strong market presence and commitment to innovation. The company offers a collaborative environment and focuses on delivering high-quality services to its clients in Hong Kong.

• Strategic Impact
• Professional Growth
  

• Deliver expert guidance on security matters related to solution design, business initiatives, and general security inquiries.
• Create and update documentation for security policies and procedures, ensuring consistency with corporate security frameworks and standards.
• Perform risk evaluations on technology implementations and security controls to uncover vulnerabilities and propose mitigation strategies. Maintain a risk log and communicate potential impacts to relevant stakeholders.
• Lead and manage end-to-end security assessments and ISO compliance audits.
• Assist with external audit and regulatory compliance activities, and formulate action plans to address any identified gaps.
• Supervise the handling of security incidents, supporting frontline teams to ensure prompt identification, response, and resolution.
• Regularly assess and refine security policies and operational workflows to strengthen control measures.
• Compile and present security reports to the Chief Security Officer and senior leadership.
  

• Minimum of 5 years' experience in cybersecurity, risk management, or a related discipline.
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a similar field.
• Proven success in driving and executing effective security programs and initiatives.
• Strong analytical skills with the ability to navigate complex business environments and work independently.
• Exceptional communication and presentation abilities, capable of translating technical security concepts into business-friendly language.
• Experience in a global or multinational corporate setting is preferred.
• Proficiency in English, both spoken and written.
• Possession of relevant certifications such as CISSP, CISA, OSCP, CEH, ISO 27001, NIST, or equivalent is advantageous.
  

• Competitive annual salary in the range of HKD 660,000 to HKD 816,000.
• Opportunity to work in a large organization within the insurance industry with a focus on innovation.
• Collaborative company culture that values professional growth and development.
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology and Engineering
• Industries Insurance, Financial Services, and Capital Markets

Referrals increase your chances of interviewing at Michael Page by 2x

Get notified about new Information Security Manager jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 1 week ago

Kwun Tong District, Hong Kong SAR 2 months ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Kwai Tsing District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

About Dah Sing Group
The Dah Sing Group is a leading financial services group in Hong Kong offering banking, insurance, financial and other related services through its growing network of over 70 branches in Hong Kong, Macau and Mainland China.
Our currency is caring, teamwork and progressiveness. We accept that everyone is unique and different in talent, but alike in the capacity for growth. Our task is to shape a culture that creates a sense of pride in achieving something beyond just a job, and an environment where you can be your true and authentic self, like at home.



Job Purpose:


Reporting to the Head of Information Security to support delivering information security services and carrying out information security related activities.



Job Description of the position:


• Conduct cyber security testing covering penetration test, Infra and Web Manage security tools
• Manage network security system covering firewall, NAC, IPS, SIEM and etc.
• Act as project manager role on Information security projects.
• Support and Analyze cybersecurity incidents and make recommendations on remedial actions.
• Define and design adequate security controls to maintain secure control environment.
• Provide security advisory service to stakeholders on new initiatives and development projects.
• Implement systems and procedures to enable digital forensics capabilities
• Maintain Cyber Incident Response plan and playbook. Conduct cyber incident response drill in regular basis.



Incumbent Requirements:


• University graduate in Computer Science / Information Technology or equivalent.
• Minimum 6 years of relevant work experience in information security, cybersecurity or technology risk
• Possess one or more professional certificates : OCSP, CISSP, CISM, CCSP, CISA
• Solid experience on penetration test, red/blue team exercise and network security including firewall, NAC, IPS.
• Sound knowledge of regulators' requirement on Cyber Resilience Assessment Framework (CRAF)
• Sound knowledge of vulnerability management and threat intelligence analysis.
• Strong communication in both Chinese and English; Good communication and interpersonal skills.
• Mature, independent and able to deliver quality results under tight schedule.


Please note that only shortlisted candidates will be notified.

Join to apply for the Manager, Information Security Policy & Compliance role at The Hong Kong Jockey Club

4 days ago Be among the first 25 applicants

Join to apply for the Manager, Information Security Policy & Compliance role at The Hong Kong Jockey Club

Job Summary

Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies. You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies. You will also be involved in other information security assurance and technology risk management activities as assigned.

Job Summary

Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies. You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies. You will also be involved in other information security assurance and technology risk management activities as assigned.

The Job

You will:

• Develop and maintain information security policies.
• Perform compliance assessment against information security policies.
• Assist in programme management, and work with external consultants to deliver technology risk and information security projects.
• Conduct information security risk assessments and control assurance testing.
• Assist in delivering information security initiatives and prepare necessary documentation.
• Assist in technology risk management activities.
• Monitor and report on security metrics and trends to monitor the technology and information security risks.
• Promote security awareness within the organization, fostering a culture of risk management.
  
  
  

• University degree in Computer Science, Information Technology, Cybersecurity, Engineering, Risk Management or related fields.
• 5 to 7 years of practical experience in Cyber Security or Technology Risk roles.
• Hands-on experience in enterprise security infrastructure, risk assessments, and security testing.
• Experience with identity and access management systems and principles.
• Familiarity with security frameworks and standards (e.g. ISO27001, NIST).
• Understand second line of defence roles and responsibilities.
• Relevant certifications such as CISSP, CISA or CISM are preferred.
  
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Non-profit Organizations

Referrals increase your chances of interviewing at The Hong Kong Jockey Club by 2x

Kwun Tong District, Hong Kong SAR 1 month ago

Kwun Tong District, Hong Kong SAR 4 days ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Manager, Information Security Policy & Compliance role at The Hong Kong Jockey Club

4 days ago Be among the first 25 applicants

Join to apply for the Manager, Information Security Policy & Compliance role at The Hong Kong Jockey Club

Job Summary
Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies. You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies. You will also be involved in other information security assurance and technology risk management activities as assigned.

Job Summary
Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies. You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies. You will also be involved in other information security assurance and technology risk management activities as assigned.
The Job
You will:

• Develop and maintain information security policies.
• Perform compliance assessment against information security policies.
• Assist in programme management, and work with external consultants to deliver technology risk and information security projects.
• Conduct information security risk assessments and control assurance testing.
• Assist in delivering information security initiatives and prepare necessary documentation.
• Assist in technology risk management activities.
• Monitor and report on security metrics and trends to monitor the technology and information security risks.
• Promote security awareness within the organization, fostering a culture of risk management.
  

• University degree in Computer Science, Information Technology, Cybersecurity, Engineering, Risk Management or related fields.
• 5 to 7 years of practical experience in Cyber Security or Technology Risk roles.
• Hands-on experience in enterprise security infrastructure, risk assessments, and security testing.
• Experience with identity and access management systems and principles.
• Familiarity with security frameworks and standards (e.g. ISO27001, NIST).
• Understand second line of defence roles and responsibilities.
• Relevant certifications such as CISSP, CISA or CISM are preferred.
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Non-profit Organizations

Referrals increase your chances of interviewing at The Hong Kong Jockey Club by 2x

Kwun Tong District, Hong Kong SAR 1 month ago

Kwun Tong District, Hong Kong SAR 4 days ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Senior Manager, Group Information Security role at FWD Insurance. This position leads the Data Protection Program (DPP) across the FWD Group and 10 Business Units, partnering with stakeholders to design and implement security solutions that protect data and align with regulatory requirements.

• Lead and drive the FWD Data Protection Program DPP for FWD Group and all Business Units (10 Business Units).
• Define and partner with stakeholders in a multi disciplinary team to design and implement DPP security solutions across projects.
• Lead stakeholders and vendors engagements and provide subject matter expertise to all Business Units across all Markets of FWD.
• Drive changes to the DPP Target Operating Model, influencing vendors to improve the solutions.
• Stay abreast of key regulatory requirements and data protection laws and monitor emerging threats.

• Define and execute Data Protection Roadmap, including use of Artificial Intelligence AI.
• Support the Head of Group Information Security Engineering and Group CISO in defining and maintaining the DLP Engineering framework for FWD Group.
• Drive awareness and support to Group Information Security, Group IT and Business Units IT to understand DLP Security Solutions and Processes and their implications across the organization.
• Drive DLP Security Engineering Initiatives and Projects definition and implementation, selection of solutions and architecture, and define operations framework and its continuous improvement.
• Develop deep working relationships with senior executives across engagement teams.
• Responsible for executing large scale project deliveries.
• Manage teams and mentor junior resources.
• Act as a subject matter expert in DPP and provide Level 4 support, reducing dependencies on external vendor support.
• Oversee infrastructure and microservices security architecture including container security, data security, network security and operational security.
• Review infrastructure and microservices design against security standards such as PCI DSS and CSA Containers' security guidelines and identify the necessary security architecture requirements.
• Review the infrastructure and microservices network and data architecture to identify security requirements.
• Ensure that final design addresses identified threats and countermeasures during threat modelling.
• Build knowledge capital through research and development and leveraging industry insights to deliver best of breed expertise to stakeholders.
• Lead the growth of cloud security practice across business units, project teams and other stakeholders.
• Drive DLP Information Security Engineering Initiatives and Projects definition and implementation, selection of solutions and architecture, as well as define operations framework and its continuous improvement.
• Continuously improve the Data Protection Program to adapt to the changing threat landscape.

• Minimum of 12 years experience in project management, data privacy and protection, and security risk management.
• Extensive knowledge of technical Data Protection solutions and mechanisms (data discovery, data leakage controls, data tagging, data rights management, encryption, tokenization, masking, hashing, etc.).
• Experience in the insurance industry is an advantage.
• Ability to act as a data protection role model within the organization.
• Ability to summarize complex and technical information succinctly.

• Certification in CISSP, CDPSE or equivalent.
• Good communication and presentation skills.
• Express issues succinctly to senior stakeholders and be flexible and pragmatic with advice.
• Self driven, autonomous, and result oriented.
• Exceptional interpersonal, analytical and presentation skills.
• A team player and ability to lead managers, consultants and security analysts in your team.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Information Technology
• Industries: Insurance

Senior Manager, Group Information Security role at FWD Insurance. This position leads the Data Protection Program (DPP) across the FWD Group and 10 Business Units, partnering with stakeholders to design and implement security solutions that protect data and align with regulatory requirements.

• Lead and drive the FWD Data Protection Program DPP for FWD Group and all Business Units (10 Business Units).
• Define and partner with stakeholders in a multi disciplinary team to design and implement DPP security solutions across projects.
• Lead stakeholders and vendors engagements and provide subject matter expertise to all Business Units across all Markets of FWD.
• Drive changes to the DPP Target Operating Model, influencing vendors to improve the solutions.
• Stay abreast of key regulatory requirements and data protection laws and monitor emerging threats.

• Define and execute Data Protection Roadmap, including use of Artificial Intelligence AI.
• Support the Head of Group Information Security Engineering and Group CISO in defining and maintaining the DLP Engineering framework for FWD Group.
• Drive awareness and support to Group Information Security, Group IT and Business Units IT to understand DLP Security Solutions and Processes and their implications across the organization.
• Drive DLP Security Engineering Initiatives and Projects definition and implementation, selection of solutions and architecture, and define operations framework and its continuous improvement.
• Develop deep working relationships with senior executives across engagement teams.
• Responsible for executing large scale project deliveries.
• Manage teams and mentor junior resources.
• Act as a subject matter expert in DPP and provide Level 4 support, reducing dependencies on external vendor support.
• Oversee infrastructure and microservices security architecture including container security, data security, network security and operational security.
• Review infrastructure and microservices design against security standards such as PCI DSS and CSA Containers' security guidelines and identify the necessary security architecture requirements.
• Review the infrastructure and microservices network and data architecture to identify security requirements.
• Ensure that final design addresses identified threats and countermeasures during threat modelling.
• Build knowledge capital through research and development and leveraging industry insights to deliver best of breed expertise to stakeholders.
• Lead the growth of cloud security practice across business units, project teams and other stakeholders.
• Drive DLP Information Security Engineering Initiatives and Projects definition and implementation, selection of solutions and architecture, as well as define operations framework and its continuous improvement.
• Continuously improve the Data Protection Program to adapt to the changing threat landscape.

• Minimum of 12 years experience in project management, data privacy and protection, and security risk management.
• Extensive knowledge of technical Data Protection solutions and mechanisms (data discovery, data leakage controls, data tagging, data rights management, encryption, tokenization, masking, hashing, etc.).
• Experience in the insurance industry is an advantage.
• Ability to act as a data protection role model within the organization.
• Ability to summarize complex and technical information succinctly.

• Certification in CISSP, CDPSE or equivalent.
• Good communication and presentation skills.
• Express issues succinctly to senior stakeholders and be flexible and pragmatic with advice.
• Self driven, autonomous, and result oriented.
• Exceptional interpersonal, analytical and presentation skills.
• A team player and ability to lead managers, consultants and security analysts in your team.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Information Technology
• Industries: Insurance