91 Information Security jobs in Hong Kong

5 days ago - Be among the first 25 applicants

Direct message the job poster from Nityo Infotech

Experience: 3–5 years

Requirements:

• Bachelor’s degree in Computer Science, Information Systems, or related disciplines preferred.
• 3–5 years of experience in information security governance or related control functions within the financial sector.
• Hands-on experience in developing scripts or tools using Python to support security automation, data analysis, or process improvement.
• Strong understanding of IAM principles and vulnerability management practices.
• Prior experience in IT risk control, audit, or project management is an advantage.
• Ability to work independently and manage tasks under tight deadlines.
• Professional certifications such as CISSP, CISA, or CISM are preferred.
• Excellent presentation and communication skills.

• Mid-Senior level

• Full-time

• IT Services and IT Consulting

Referrals increase your chances of interviewing at Nityo Infotech by 2x.

This job posting appears current; however, verify with the employer for the latest status.

5 days ago Be among the first 25 applicants

Join our fast-paced team as a Senior Information Security Specialist, contributing to global security operations across various entities at the group level. In this role, you'll utilize advanced tools for threat detection, incident response, and proactive security measures, ensuring robust protection against emerging cyber threats.

Responsibilities

• Utilize cybersecurity tools like SIEM, EDR, and SOAR for effective threat management.
• Stay updated on emerging cyber threats, vulnerabilities, and mitigation techniques.
• Lead incident response, management, and investigations.
• Conduct purple team exercises and threat hunting to identify risks.
• Analyze threat actors and their tactics through detailed research.
• Perform malware analysis to prevent future attacks.
• Oversee actionable Threat Intelligence (TI) collection and execution.
• Propose and implement security initiatives to combat emerging threats.
• Develop and update playbooks and documentation for security processes.
• Provide expertise in creating and maintaining security frameworks and policies.
• Evaluate new software or products for security projects.
• Promote security awareness and conduct role-based training.
• Communicate cybersecurity risks effectively to stakeholders.

Requirements

• Must have 5-8 years of experience in Information Security with hands-on expertise in Security Engineering, Operations, Cyber Threat Intelligence, Digital Forensics, Incident Response, Endpoint, or Cloud Security.
• Must be skilled with security event tools and incident response within a blue team context.
• Nice to have: Experience in Red Teaming and Penetration Testing (PenTest), as well as in-house security operations.
• Proficient with SIEM, EDR, SOAR, Vulnerability Management, and Open-Source Tools.
• Familiar with cloud environments such as AWS, Azure, and GCP.
• Knowledge of malware reverse-engineering techniques.
• Proficient in one coding language (Python, Java, etc.).
• Strong understanding of the MITRE ATT&CK framework.
• Professional English proficiency; Chinese is a plus.

About OSL

As a subsidiary of the publicly listed OSL Group (HKEX: 863.HK), OSL Digital Securities is Hong Kong’s first and most established SFC-licensed and insured digital asset platform. Operating since 2018, the platform provides institutional-grade digital asset services to corporations, financial institutions, professional and retail investors.

OSL Core Values

Be customer-centered

Be a high-performing team

Be relentlessly innovative

Be an owner

Be geared toward action

Be compliant

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Finance, Accounting/Auditing, and Information Technology
• Industries Securities and Commodity Exchanges and Financial Services

Referrals increase your chances of interviewing at OSL by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Insurance - Information Security Manager role at Michael Page

1 day ago Be among the first 25 applicants

Join to apply for the Insurance - Information Security Manager role at Michael Page

About Our Client

The hiring company is a large organization within the insurance industry, known for its strong market presence and commitment to innovation. The company offers a collaborative environment and focuses on delivering high-quality services to its clients in Hong Kong.

• Strategic Impact
• Professional Growth
  
  
  

• Deliver expert guidance on security matters related to solution design, business initiatives, and general security inquiries.
• Create and update documentation for security policies and procedures, ensuring consistency with corporate security frameworks and standards.
• Perform risk evaluations on technology implementations and security controls to uncover vulnerabilities and propose mitigation strategies. Maintain a risk log and communicate potential impacts to relevant stakeholders.
• Lead and manage end-to-end security assessments and ISO compliance audits.
• Assist with external audit and regulatory compliance activities, and formulate action plans to address any identified gaps.
• Supervise the handling of security incidents, supporting frontline teams to ensure prompt identification, response, and resolution.
• Regularly assess and refine security policies and operational workflows to strengthen control measures.
• Compile and present security reports to the Chief Security Officer and senior leadership.
  
  
  

• Minimum of 5 years' experience in cybersecurity, risk management, or a related discipline.
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a similar field.
• Proven success in driving and executing effective security programs and initiatives.
• Strong analytical skills with the ability to navigate complex business environments and work independently.
• Exceptional communication and presentation abilities, capable of translating technical security concepts into business-friendly language.
• Experience in a global or multinational corporate setting is preferred.
• Proficiency in English, both spoken and written.
• Possession of relevant certifications such as CISSP, CISA, OSCP, CEH, ISO 27001, NIST, or equivalent is advantageous.
  
  
  

• Competitive annual salary in the range of HKD 660,000 to HKD 816,000.
• Opportunity to work in a large organization within the insurance industry with a focus on innovation.
• Collaborative company culture that values professional growth and development.
  
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology and Engineering
• Industries Insurance, Financial Services, and Capital Markets

Referrals increase your chances of interviewing at Michael Page by 2x

Get notified about new Information Security Manager jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 1 week ago

Kwun Tong District, Hong Kong SAR 2 months ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Kwai Tsing District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Lead, Information Security Assurance role at AXA Hong Kong and Macau

2 days ago Be among the first 25 applicants

Join to apply for the Lead, Information Security Assurance role at AXA Hong Kong and Macau

• Provide professional security advisory and recommendations on solutions architecture, business project requirements, and security related enquiry.
• Develop and maintain security policies and process documentation. Ensure alignment with Corporate Security standards and controls.
• Conduct security risk assessment on technology solutions and/or technical controls to identify potential security threats and vulnerabilities and develop strategies to mitigate risks. Maintain security risk register, and communicate identified risks and impacts to stakeholders.
• Conduct security assessment and ISO audit and managing the exercise from end-to-end.
• Support external security audits and compliance assessments, devising mitigation measures to effectively address findings.
• Oversee security incident management and support the first line to ensure timely detection, response, and resolution of security incidents.
• Periodically review and update security policies and operational processes for security control enhancement.
• Prepare management reports for the Chief Security Officer and the Management team.
  
  

• Provide professional security advisory and recommendations on solutions architecture, business project requirements, and security related enquiry.
• Develop and maintain security policies and process documentation. Ensure alignment with Corporate Security standards and controls.
• Conduct security risk assessment on technology solutions and/or technical controls to identify potential security threats and vulnerabilities and develop strategies to mitigate risks. Maintain security risk register, and communicate identified risks and impacts to stakeholders.
• Conduct security assessment and ISO audit and managing the exercise from end-to-end.
• Support external security audits and compliance assessments, devising mitigation measures to effectively address findings.
• Oversee security incident management and support the first line to ensure timely detection, response, and resolution of security incidents.
• Periodically review and update security policies and operational processes for security control enhancement.
• Prepare management reports for the Chief Security Officer and the Management team.
  
  

• 5+ years of experience in information security, security risk, or a related area.
• Degree in Information Security, Computer Science, Information Management Systems, or a related field.
• Demonstrated track record in leading and implementing successful information security initiatives and programs.
• Ability to apply analytical rigor to understand complex business scenarios, with strong problem-solving skills and the ability to work independently.
• Excellent presentation and communication skills, with the ability to convey complex security concepts in clear, business-intelligible language.
• Experience working in a multinational organization is advantageous.
• Fluent in English (verbal and written).
• Relevant certifications (e.g., CISSP, CISA, OSCP, CEH, ISO 27001, NIST, or equivalent) are a plus.
  
  

• Seniority level Not Applicable

• Employment type Full-time

• Job function Information Technology
• Industries Insurance

Referrals increase your chances of interviewing at AXA Hong Kong and Macau by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 1 day ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Sha Tin District, Hong Kong SAR 1 day ago

Sha Tin District, Hong Kong SAR 2 days ago

Shenzhen, Guangdong, China CN¥45,000.00-CN¥65,000.00 2 years ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

2 days ago Be among the first 25 applicants

• Configure and manage network security tools, such as firewalls, intrusion prevention systems (IPS), network detection and response (NDR) appliances, network taps, network threat analysis (NTA) brokers, network packet brokers (NPBs), and SSL decryption technology, for data center projects.
• Integrate newly implemented network security infrastructure with the Security Operations Center (SOC) to ensure effective threat detection and incident response.
• Develop standard operating procedures and technical guidelines, and contribute to process and quality improvements.
• Collaborate with teams and vendors to address technical support and change management issues.
• Create project documentation, test plans, and briefings, and coordinate disaster recovery (DR) drills and user acceptance testing (UAT).
• Provide on-call support for emergencies or ad-hoc requests outside regular office hours when necessary.

Requirements

• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• At least 1 year of hands-on experience with network security tools, with proficiency in at least two of the following: firewalls, IPS, NDR appliances, network taps, NTA brokers, NPBs, or SSL decryption technology.
• CCNA or CISSP certification preferred.
• Strong problem-solving and interpersonal skills, with a focus on customer service.
• Ability to work independently in a fast-paced environment and meet tight deadlines.
• Fluent in spoken and written English; Mandarin proficiency is a plus.

• Seniority level Associate

• Employment type Contract

• Job function Engineering and Information Technology
• Industries Computer and Network Security, IT Services and IT Consulting, and IT System Operations and Maintenance

Referrals increase your chances of interviewing at One Advisors by 2x

Get notified about new Network Security Engineer jobs in Hong Kong, Hong Kong SAR .

Wan Chai District, Hong Kong SAR HK$30,000.00-HK$45,000.00 21 hours ago

Wan Chai District, Hong Kong SAR 2 weeks ago

Eastern District, Hong Kong SAR 2 weeks ago

Central & Western District, Hong Kong SAR 4 weeks ago

Central & Western District, Hong Kong SAR 1 week ago

Wan Chai District, Hong Kong SAR 2 weeks ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Key Role

As Application Security Specialist & Penetration Tester, you will lead and execute a variety of engagements, conducting secure code review and advanced hands-on penetration testing beyond automated tool validation, which will focus on targets that may include network devices, servers, web and mobile apps, web APIs, wireless infrastructures, IoT devices, and other information systems.

You will have the opportunity to combine technical expertise with your imagination to conduct targeted attacks and discover vulnerabilities, with the goal of ensuring wizlynx group’s customers remain one step ahead of its adversaries.

This role will be part of a team of Cyber Security Experts, providing excellent services to customers and internal teams.

What your key responsibilities will be

Responsibilities may include the following, but are not limited to:

• Lead and execute secure code review, network, web application, and wireless penetration tests that will vary in level of complexity from simple to potentially complex.
• Author quality secure code review and penetration test reports with professional documentation of identified and exploited vulnerabilities/weaknesses.
• Serve as a consultant in pre-sales, including assessment of client needs, project scopes, and proposal preparation.
• Share all knowledge and training with internal colleagues and teams.
• Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, security standards, trends/best practices, offensive techniques, tools, and software development paradigms.

What we are looking for

• Bachelor’s degree, preferably in computer science or information systems, or equivalent work experience.
• Minimum of one year professional experience in penetration testing and code review.
• Technical knowledge across a broad range of computing platforms and network protocols.
• High proficiency in a variety of operating systems such as Unix/Linux/Mac/Windows, including bash and PowerShell.
• High proficiency in manual techniques for penetration testing (network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems).
• Proven professional experience testing web applications for common web application security vulnerabilities as defined by OWASP, including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection, and web server configuration issues.
• Good knowledge of both static and dynamic analysis of an application, be it web-based, mobile app, or standalone.
• Experience with tools such as Microfocus Fortify or Checkmarx are an asset.
• Ability in reviewing source code, including the evaluation of best practices for the platform/framework in use.
• Very good knowledge of one or more of the following programming languages & frameworks: Python, .NET, Perl, and Java.
• Strong oral and written communication skills, including a demonstrated ability to prepare quality documentation and presentations for technical and non-technical audiences.
• Certifications such as OSCP, OSCE, OSWE, CREST CRT, GIAC (GXPN, GWAPT, GPEN, GMOB, GWEB) are an asset.

Language Skills:

• Excellent communication skills in English and Cantonese (written and spoken); other languages are an advantage.

Soft Skills:

• Excellent interpersonal skills, capable of interacting with people at all levels; team player.
• Action-oriented and results-driven.
• Organized with strong time-management skills.
• Ability to dynamically switch among different tasks.
• Customer-friendly approach and appearance.
• Willingness to travel.
• Strong problem-solving and analytical skills.

What we are offering you

You will get the opportunity to work with the best cyber security experts in a multi-cultural environment.

At wizlynx group, you will also have the chance to go to conferences, participate in ethical hacking competitions, attend advanced trainings, and pass highly recognized certifications. We are offering you to work in a thrilling, challenging but fun environment where what you do is important and meaningful. At wizlynx, there is no limit but the sky. If you wish to learn and get involved in other areas of cyber security or the business, we will ensure that you get all the help you need to succeed. Furthermore, as a senior penetration tester, you will be part of the wizlynx red teaming services consisting of emulating real-world threats using cybercriminals' TTPs. You will get dedicated time for security research on topics that interest you the most.

Who we are

wizlynx group is an ethical, trustworthy, and vendor-agnostic Swiss Cyber Security provider. Our customers rely on us to effectively protect their business and trade secrets against any form of cybercrime, such as malware outbreaks, malicious insiders, cyberattacks, cyber espionage, data leakage, and more.

We live and breathe Cyber Security! For this reason, we have designed a service portfolio that covers the entire risk management lifecycle to ensure our customers benefit the most from our passion and experience, but primarily to maximize their protection.

Our Cyber Security Services rely on highly skilled security professionals and penetration testers with long-lasting experience, both in defense and offense, while holding the most recognized certifications in the industry.

Apply now if you think you are a good match! We will respond to let you know what the next steps are, but in the meantime feel free to check us out:

Your Full Name

Your Email

Upload Resume

Your Full Name Your Email Upload Resume I grant wizlynx group my consent to the processing of my personal information for the job application purposes.

Job No.: 499438
Employment Type: Full time
Departments: Information Technology Department
Job Functions: Information Technology

Roles and Responsibilities & Specific Requirements (Application Security):

• Assist in reviewing IT initiatives and provide advisory from technology risk perspectives.
• Assist to establish and review policies, guidelines, procedures in application security area.
• Provide advisory and practical guidance to support technology risk and information security assessments, including vulnerability scanning, penetration tests, etc.
• Conduct regular assessments on application security.
• Familiar with security testing tools e.g. Fortify, AppScan, and Open Source Scanning tools; technologies on DevSecOps and industry good practice OWASP is preferable.

General Job Requirements:

• Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
• Over 4 years of experience in IT security, technology risk, risk management, compliance, or IT audit function, gained from other sizable financial institutions.
• Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
• Familiar with HKMA TM-E-1, PCI-DSS, ISO 2700-series or other security risk management frameworks is an advantage.
• Good command of written and spoken English; knowledge of Mandarin is preferable.
• Good communication and interpersonal skills.

Back to Search Results

Key Role

As (Senior) Cyber Security Consultant & Penetration Tester, you will execute a variety of engagements, conducting advanced hands-on penetration testing beyond automated tool validation, which will focus on targets that may include network devices, servers, web and mobile apps, web APIs, wireless infrastructures, IoT devices, and other information systems.

You will have the opportunity to combine technical expertise with your imagination to conduct targeted attacks and discover vulnerabilities, with the goal of ensuring wizlynx group’s customers remain one step ahead of its adversaries.

What your key responsibilities will be

• Lead & execute network, web and mobile application, wireless, and social engineering penetration tests that will vary in level of complexity from simple to potentially complex.
• Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, security standards, trends / best practices, offensive techniques, and tools.
• Author quality penetration test reports with professional documentation of identified and exploited vulnerabilities/weaknesses, providing detailed remediation guidance for findings.
• Serve as a consultant in pre-sales, including assessment of client needs, project scopes and proposal preparation.

What we are looking for

• Bachelor's degree, preferably in computer science or information systems, or equivalent work experience.
• One to three years security experience in a security analyst, engineer, architect, consultant or a similar role, including a minimum of 6 months to a year experience in penetration testing.
• Proficiency in a variety of operating systems such as Unix/Linux/Mac/Windows operating systems, including bash and PowerShell.
• Know-how in manual techniques for penetration testing (network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems).
• Familiarity with Penetration Testing tools like Burp Suite and Kali Linux.
• Familiarity with OWASP Top 10 security vulnerabilities.
• Certifications such as OSCP, CREST CPSA, GWAPT, GPEN, and others are an asset.

Language Skills:

• Excellent communication skills in English and Cantonese (written and spoken).

Soft Skills:

• Excellent interpersonal skills, capable of interacting with people at all levels; team player.
• Organized with strong time-management skills.
• Customer-friendly approach and appearance.
• Strong problem-solving and analytical skills.
• Proactive and initiative driven.

What we are offering you

You will get the opportunity to work with the best cyber security experts in a multi-cultural environment.

At wizlynx group, you will also have the chance to go to conferences, participate in ethical hacking competitions, attend advanced trainings, and pass highly recognized certifications.

We are offering you to work in a thrilling, challenging but fun environment where what you do is important and meaningful. At wizlynx, there is no limit but the sky. If you wish to learn and get involved in other areas of cyber security or the business, we will ensure that you get all the help you need to succeed.

You will also get dedicated time for security research on topics that interest you the most.

Who we are

wizlynx group is an ethical, trustworthy, and vendor agnostic Swiss Cyber Security provider. Our customers rely on us to effectively protect their business and trade secrets against any form of cybercrime, such as malware outbreak, malicious insiders, cyberattacks, cyber espionage, data leakage, and more.

We live and breathe Cyber Security! For this reason, we have designed a service portfolio that covers the entire risk management lifecycle to ensure our customer benefits the most from our passion and experience, but primarily to maximize their protection.

Our Cyber Security Services rely on highly skilled security professionals and penetration testers with long-lasting experience, both in defense and offense, while holding the most recognized certifications in the industry.

Apply now if you think you are a good match! We will respond to let you know what the next steps are, but in the meantime feel free to check us out:

Your Full Name

Your Email

Upload Resume

Join to apply for the Head of Information Security role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established insurance firm, recognized as a large organization in the industry. Operating in a competitive and fast-paced environment, they are heavily focused on technological innovation and security. Their commitment to maintaining the highest standards of information security is one of their top priorities.

As a Head of Information Security , your main responsibilities will include:

1. Defining and implementing the company's information security strategy and roadmap.
2. Developing and maintaining the ISMS based on ISO 27001.
3. Conducting regular information security risk assessments.
4. Ensuring compliance with regulatory requirements related to information security.
5. Managing the information security incident response process.
6. Providing information security training and awareness to all staff.
7. Working closely with the IT department to ensure the security of the IT infrastructure.
8. Reporting to management on information security status and initiatives.

A Successful 'Head Of Information Security' Should Have

• A degree in Information Technology, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, or CISA.
• Proven experience in developing and managing ISMS based on ISO 27001.
• Strong knowledge of information security principles and practices.
• Ability to conduct information security risk assessments and audits.
• Experience in managing information security incidents.
• Strong communication and leadership skills.

• A competitive salary range of around HKD 1,080,000 to HKD 1,200,000.
• Standard benefits package including health insurance and retirement plans.
• Opportunity to work in a technologically advanced environment.
• A supportive and collaborative work culture.

We are looking for an ambitious and dedicated professional to join our team in this critical role. If you have the necessary skills and experience, we would love to hear from you. Apply today to secure your future in a highly rewarding career in the insurance industry.

Contact: Alexis Wee

Quote job ref: JN-052025-6742521

• Director

• Full-time

• Information Technology and Engineering

• Insurance, Financial Services, and Capital Markets