13 Security Assessment jobs in Hong Kong

1 week ago Be among the first 25 applicants

As our Security Compliance Analyst / Manager, you will be tasked with security compliance activities along with our journey. You are expected to take the initiative to assist us with several security compliance programs and certifications. You are required to address and review compliance gaps and give recommendations and support on remediation activities. You will also be trusted to provide technical advice to ensure that security compliance requirements are met throughout all business units. The role will essentially combine regional support with a focus on advancing our automation initiatives.

As our Security Compliance Analyst / Manager, you will be tasked with security compliance activities along with our journey. You are expected to take the initiative to assist us with several security compliance programs and certifications. You are required to address and review compliance gaps and give recommendations and support on remediation activities. You will also be trusted to provide technical advice to ensure that security compliance requirements are met throughout all business units. The role will essentially combine regional support with a focus on advancing our automation initiatives.

Responsibilities

• Assist in our security compliance programs, including ISO27001, ISO27701, PCI-DSS, SOC 2, etc
  

• Participate in internal security and privacy assessments, internal and external audits, compliance certifications, and risk management
  

• Provide complete and accurate responses to internal and third-party enquiries on security compliance
  

• Perform security compliance assessment activities, including periodic technical, organizational, and third-party risk and control assessments, and managing remediation activities to completion
  

• Design necessary control required to comply with international standards and local regulations
  

• Evaluate technical and organisational controls to ensure effectiveness and compliance, including managing the control remediation efforts
  

• Identify opportunities to reduce manual effort in control testing and audit readiness through scripting and compliance tooling
  

• Drive the development and implementation of automation solutions to streamline compliance monitoring, evidence collection, and reporting processes
  

Requirements

• Experience in information security compliance, security operations or technology risk management, or consultation related roles
  

• Prefer experience with one or more of the following: conducting security control assessments, risk assessments or implementing security solutions
  

• Prefer experience with any of the following: ISO27001, ISO27701, SOC2, PCI DSS, cloud technologies, and data protection regulations and requirements
  

• Holders of security-related certifications/qualifications will be an advantage: CISSP, CRISC, CISM, CISA, ISO27001 LA, CIPT, CIPP/E, or other relevant certifications
  

• Minimum 3 / 5 years of hands-on experience in a fast-paced working environment. Candidates with less experience will be considered for a junior position
  

• Experience leading compliance initiatives and working with auditors and/or external regulators
  

• A role combining regional support with a focus on advancing our automation initiatives
  

• Proven experience with compliance automation tools and techniques (e.g., GRC platforms, scripting, security orchestration, AI, MCP, AI Agent, Agentic RAG)
  

• Hands-on experience in implementing automated control testing or evidence gathering in cloud or hybrid environments
  

• Be a friendly team player with a positive attitude
  

• Demonstrate a strong commitment to personal learning and development
  

• Detail minded with an analytical mindset
  

• Good communication skills with an ability to explain complex technical issues to non-technical business users
  

• Prior experience with project management
  

Seniority level

• Seniority level Not Applicable

Employment type

• Employment type Full-time

Job function

• Job function Finance, Legal, and Accounting/Auditing

Referrals increase your chances of interviewing at Crypto.com by 2x

Get notified about new Compliance Analyst jobs in Hong Kong, Hong Kong SAR .

AVP/Senior Associate/ Associate, Investigations (Anti-Scam), Legal, Compliance & Secretariat

Kwun Tong District, Hong Kong SAR 5 days ago

Compliance Officer - Primary Markets Compliance Compliance Officer, Foreign Asset Management

Hong Kong, Hong Kong SAR HK$30,000.00-HK$5,000.00 1 week ago

Wan Chai District, Hong Kong SAR 23 hours ago

Assistant Manager/ Manager – Regulatory & Compliance (Assistant / Deputy) Compliance Manager (Compliance Review) Compliance Manager, Anti-Money Laundering Compliance Officer (International Hedge Fund)

Hong Kong, Hong Kong SAR HK$1 200,000.00-HK 1,900,000.00 3 weeks ago

Hong Kong, Hong Kong SAR 36,000.00- 70,000.00 1 week ago

Assistant Manager to Deputy Manager, General Compliance (Compliance and Legal ASSO, Surveillance and Trading Compliance Team, Legal and Compliance Regulatory Compliance Officer - Wealth Management / Bancassurance Compliance Governance Manager/Associate, HK Officer, Financial Crime Compliance – 1 year contract

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Cyber Security Specialist (Penetration Testing)

Join to apply for the Cyber Security Specialist (Penetration Testing) role at Mox Bank

Cyber Security Specialist (Penetration Testing)

3 days ago Be among the first 25 applicants

Join to apply for the Cyber Security Specialist (Penetration Testing) role at Mox Bank

Get AI-powered advice on this job and more exclusive features.

About Mox

Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together.

Application Deadline: 14 July 2025

Department: Technology-CDSIO

Location: Hong Kong (SAR)

Description

About Mox

Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together.

Why Mox

Everything at Mox – from our products, features, to rewards – is designed based on customer research, tailor made for your needs. We care about what customers care about, especially in data security and privacy. Data ethics is core to everyone here at Mox. Mox rewards you with an array of banking and lifestyle benefits. Who says banking can’t be fun?

What we are looking for?

We are looking for a cyber security specialist (Penetration testing to join our team!


Responsibilities

• Provide security expertise to ensure the ongoing confidentiality, integrity, and availability of systems and information effectively and efficiently.
• Scope and perform hands-on penetration testing and security assessments of web applications, APIs, infrastructure, cloud environments and mobile (iOS/Android) apps to assess and validate their security posture
• Write high quality reports on identified vulnerabilities, including recommendations to remediate, and deliver report to stakeholders
• Manage security assessments conducted by vendors and consultants
• Manage the penetration testing pipeline to ensure on-time completion and delivery
• Work closely with key development and operations stakeholders to ensure timely remediation
• Conduct security code reviews and make recommendations to developers
• ·Drive security awareness of secure coding practices and techniques
• Work collaboratively with key development and operations stakeholders to support the secure CI/CD pipeline
• Conduct offensive research to evaluate emerging cyber security threats and trends
• Work closely with the security operations team to proactively identify potential weaknesses, threats or vulnerabilities and address them
• Maintain up-to-date knowledge of the latest attacks, vulnerabilities, mitigation strategies, industry best practices and regulations
• Provide subject matter expertise, security consulting, and advisory services to business entities and project teams
• Build strong working relationships across the business and technology teams
  
  

Requirements

• 5+ Years’ experience in IT security related positions with a key focus on penetration testing and application security
• You should be able to demonstrate:
• Passion for offensive security and assurance
• Risk mindset and knowledge of risk management guidelines and frameworks
• Good understanding of penetration testing methodologies / techniques and software security principles
• Ability to communicate and articulate technical findings with stakeholders at all levels of the business
• Hands-on threat, vulnerability, and remediation management experience
• Experience working in a cloud and container-based environment is highly desired
• Critical thinker with strong problem-solving and analytical skills
• Strong time management and ability to manage multiple projects under strict timelines.
• Development and automation experience in one or more programming languages are highly desired
• Strong collaborative nature and ability to contribute to a team environment
• Previous experience working within the finance/banking or advisory services industry beneficial
  
  

All personal data provided by applicants will be used for recruitment and other employment-related purposes only. Personal data of unsuccessful applicants will be erased within 24 months of rejection of the applicant’s application.

Seniority level

• Seniority level Mid-Senior level

Employment type

• Employment type Full-time

Job function

• Job function Engineering and Information Technology
• Industries Banking

Referrals increase your chances of interviewing at Mox Bank by 2x

Get notified about new Cyber Security Specialist jobs in Hong Kong, Hong Kong SAR .

Cyber Security Specialist (Vulnerability Management) Cybersecurity Analyst (Listed Company/ Up to 60K/Perm) Information Technology Cybersecurity Analyst / Specialist

Eastern District, Hong Kong SAR 2 days ago

CYBER SECURITY AND RISK ANALYST / CYBER SECURITY ENGINEER Cybersecurity Detection and Response Analyst Application Security Engineer (Pentester) Cyber Security Analyst / Engineer (Identity and Access Management) Cyber Security Consultant - Red Team Specialist Application Security Specialist & Penetration Tester Systems Analyst (Information Technology) – Security Specialist Assistant Manager, Cyber Security (Ref: DTD124/25, 10433) Cyber Security Operations (SOC) Manager - Leading Professional Firm Global Security GRC Analyst (Governance, Risk, and Compliance) Cybersecurity Manager, Group Cybersecurity

Wan Chai District, Hong Kong SAR 2 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Cyber Security Specialist (Penetration Testing)

Join to apply for the Cyber Security Specialist (Penetration Testing) role at Mox Bank

Cyber Security Specialist (Penetration Testing)

3 days ago Be among the first 25 applicants

Join to apply for the Cyber Security Specialist (Penetration Testing) role at Mox Bank

Get AI-powered advice on this job and more exclusive features.

About Mox
Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together.

Application Deadline: 14 July 2025

Department: Technology-CDSIO

Location: Hong Kong (SAR)

Description
About Mox
Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together.
Why Mox
Everything at Mox – from our products, features, to rewards – is designed based on customer research, tailor made for your needs. We care about what customers care about, especially in data security and privacy. Data ethics is core to everyone here at Mox. Mox rewards you with an array of banking and lifestyle benefits. Who says banking can’t be fun?
What we are looking for?
We are looking for a cyber security specialist (Penetration testing to join our team!
Responsibilities

• Provide security expertise to ensure the ongoing confidentiality, integrity, and availability of systems and information effectively and efficiently.
• Scope and perform hands-on penetration testing and security assessments of web applications, APIs, infrastructure, cloud environments and mobile (iOS/Android) apps to assess and validate their security posture
• Write high quality reports on identified vulnerabilities, including recommendations to remediate, and deliver report to stakeholders
• Manage security assessments conducted by vendors and consultants
• Manage the penetration testing pipeline to ensure on-time completion and delivery
• Work closely with key development and operations stakeholders to ensure timely remediation
• Conduct security code reviews and make recommendations to developers
• ·Drive security awareness of secure coding practices and techniques
• Work collaboratively with key development and operations stakeholders to support the secure CI/CD pipeline
• Conduct offensive research to evaluate emerging cyber security threats and trends
• Work closely with the security operations team to proactively identify potential weaknesses, threats or vulnerabilities and address them
• Maintain up-to-date knowledge of the latest attacks, vulnerabilities, mitigation strategies, industry best practices and regulations
• Provide subject matter expertise, security consulting, and advisory services to business entities and project teams
• Build strong working relationships across the business and technology teams
  

Requirements

• 5+ Years’ experience in IT security related positions with a key focus on penetration testing and application security
• You should be able to demonstrate:
• Passion for offensive security and assurance
• Risk mindset and knowledge of risk management guidelines and frameworks
• Good understanding of penetration testing methodologies / techniques and software security principles
• Ability to communicate and articulate technical findings with stakeholders at all levels of the business
• Hands-on threat, vulnerability, and remediation management experience
• Experience working in a cloud and container-based environment is highly desired
• Critical thinker with strong problem-solving and analytical skills
• Strong time management and ability to manage multiple projects under strict timelines.
• Development and automation experience in one or more programming languages are highly desired
• Strong collaborative nature and ability to contribute to a team environment
• Previous experience working within the finance/banking or advisory services industry beneficial
  

All personal data provided by applicants will be used for recruitment and other employment-related purposes only. Personal data of unsuccessful applicants will be erased within 24 months of rejection of the applicant’s application. Seniority level

• Seniority level Mid-Senior level

Employment type

• Employment type Full-time

Job function

• Job function Engineering and Information Technology
• Industries Banking

Referrals increase your chances of interviewing at Mox Bank by 2x

Get notified about new Cyber Security Specialist jobs in Hong Kong, Hong Kong SAR .

Cyber Security Specialist (Vulnerability Management) Cybersecurity Analyst (Listed Company/ Up to 60K/Perm) Information Technology Cybersecurity Analyst / Specialist

Eastern District, Hong Kong SAR 2 days ago

CYBER SECURITY AND RISK ANALYST / CYBER SECURITY ENGINEER Cybersecurity Detection and Response Analyst Application Security Engineer (Pentester) Cyber Security Analyst / Engineer (Identity and Access Management) Cyber Security Consultant - Red Team Specialist Application Security Specialist & Penetration Tester Systems Analyst (Information Technology) – Security Specialist Assistant Manager, Cyber Security (Ref: DTD124/25, 10433) Cyber Security Operations (SOC) Manager - Leading Professional Firm Global Security GRC Analyst (Governance, Risk, and Compliance) Cybersecurity Manager, Group Cybersecurity

Wan Chai District, Hong Kong SAR 2 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Manager, Information Security Policy & Compliance

Join to apply for the Manager, Information Security Policy & Compliance role at The Hong Kong Jockey Club

Manager, Information Security Policy & Compliance

4 days ago Be among the first 25 applicants

Join to apply for the Manager, Information Security Policy & Compliance role at The Hong Kong Jockey Club

Job Summary

Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies. You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies. You will also be involved in other information security assurance and technology risk management activities as assigned.

Job Summary

Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies. You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies. You will also be involved in other information security assurance and technology risk management activities as assigned.

The Job

You will:

• Develop and maintain information security policies.
• Perform compliance assessment against information security policies.
• Assist in programme management, and work with external consultants to deliver technology risk and information security projects.
• Conduct information security risk assessments and control assurance testing.
• Assist in delivering information security initiatives and prepare necessary documentation.
• Assist in technology risk management activities.
• Monitor and report on security metrics and trends to monitor the technology and information security risks.
• Promote security awareness within the organization, fostering a culture of risk management.
  
  
  

About You

You should have:

• University degree in Computer Science, Information Technology, Cybersecurity, Engineering, Risk Management or related fields.
• 5 to 7 years of practical experience in Cyber Security or Technology Risk roles.
• Hands-on experience in enterprise security infrastructure, risk assessments, and security testing.
• Experience with identity and access management systems and principles.
• Familiarity with security frameworks and standards (e.g. ISO27001, NIST).
• Understand second line of defence roles and responsibilities.
• Relevant certifications such as CISSP, CISA or CISM are preferred.
  
  
  

Terms of Employment

The level of appointment will be commensurate with qualification and experience.

How to Apply

Please send your resume, complete with expected salary and job reference by clicking the Apply Now.

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.

Seniority level

• Seniority level Mid-Senior level

Employment type

• Employment type Full-time

Job function

• Job function Information Technology
• Industries Non-profit Organizations

Referrals increase your chances of interviewing at The Hong Kong Jockey Club by 2x

Sign in to set job alerts for “Information Security Manager” roles. Cybersecurity Manager, Group Cybersecurity Senior Security Consultant/ Cybersecurity Manager (CISSP, CISA, CISM) - 60K+B

Kwun Tong District, Hong Kong SAR 1 month ago

Senior Manager, IT Governance and Architecture Manager, Cyber Security (DTD079/25, 10360)

Kwun Tong District, Hong Kong SAR 4 days ago

Deputy Executive Manager, Security Architecture

Sha Tin District, Hong Kong SAR 1 week ago

Technology Risk Manager (IT Security) – Information Technology Department Assistant Technical Manager, Cyber Security

Sha Tin District, Hong Kong SAR 2 weeks ago

Service Delivery Manager (Cybersecurity) Cyber Engagement Lead, Mandiant Consulting, Google Cloud Manager, Operational and Strategic Risk (Cyber Security) Technical Manager, Data Security & Protection

Sha Tin District, Hong Kong SAR 1 week ago

Senior Technical Manager, Cyber Defense Engineering

Sha Tin District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Manager, Information Security Policy & Compliance

Join to apply for the Manager, Information Security Policy & Compliance role at The Hong Kong Jockey Club

Manager, Information Security Policy & Compliance

4 days ago Be among the first 25 applicants

Join to apply for the Manager, Information Security Policy & Compliance role at The Hong Kong Jockey Club

Job Summary
Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies. You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies. You will also be involved in other information security assurance and technology risk management activities as assigned.

Job Summary
Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies. You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies. You will also be involved in other information security assurance and technology risk management activities as assigned.
The Job
You will:

• Develop and maintain information security policies.
• Perform compliance assessment against information security policies.
• Assist in programme management, and work with external consultants to deliver technology risk and information security projects.
• Conduct information security risk assessments and control assurance testing.
• Assist in delivering information security initiatives and prepare necessary documentation.
• Assist in technology risk management activities.
• Monitor and report on security metrics and trends to monitor the technology and information security risks.
• Promote security awareness within the organization, fostering a culture of risk management.
  

About You
You should have:

• University degree in Computer Science, Information Technology, Cybersecurity, Engineering, Risk Management or related fields.
• 5 to 7 years of practical experience in Cyber Security or Technology Risk roles.
• Hands-on experience in enterprise security infrastructure, risk assessments, and security testing.
• Experience with identity and access management systems and principles.
• Familiarity with security frameworks and standards (e.g. ISO27001, NIST).
• Understand second line of defence roles and responsibilities.
• Relevant certifications such as CISSP, CISA or CISM are preferred.
  

Terms of Employment
The level of appointment will be commensurate with qualification and experience.
How to Apply
Please send your resume, complete with expected salary and job reference by clicking the Apply Now.
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request. Seniority level

• Seniority level Mid-Senior level

Employment type

• Employment type Full-time

Job function

• Job function Information Technology
• Industries Non-profit Organizations

Referrals increase your chances of interviewing at The Hong Kong Jockey Club by 2x

Sign in to set job alerts for “Information Security Manager” roles. Cybersecurity Manager, Group Cybersecurity Senior Security Consultant/ Cybersecurity Manager (CISSP, CISA, CISM) - 60K+B

Kwun Tong District, Hong Kong SAR 1 month ago

Senior Manager, IT Governance and Architecture Manager, Cyber Security (DTD079/25, 10360)

Kwun Tong District, Hong Kong SAR 4 days ago

Deputy Executive Manager, Security Architecture

Sha Tin District, Hong Kong SAR 1 week ago

Technology Risk Manager (IT Security) – Information Technology Department Assistant Technical Manager, Cyber Security

Sha Tin District, Hong Kong SAR 2 weeks ago

Service Delivery Manager (Cybersecurity) Cyber Engagement Lead, Mandiant Consulting, Google Cloud Manager, Operational and Strategic Risk (Cyber Security) Technical Manager, Data Security & Protection

Sha Tin District, Hong Kong SAR 1 week ago

Senior Technical Manager, Cyber Defense Engineering

Sha Tin District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350)

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350) role at KPMG China

Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350)

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350) role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.

Service Line Overview

At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.

KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.

Our wide range of projects includes Cyber Strategy, Cyber Digital Transformation, Governance & Risk, as well as a strong presence in Penetration Testing or Ethical Hacking. We are keen to speaking with cyber security specialists with various expertise and experiences to join our growth story.

We are now seeking Consultant/ Senior Consultant candidates for Cyber Defense Team.

Key Responsibilities

• Perform vulnerability assessment and penetration tests on different platforms and technologies
• Simulate real-time cyber-attacks using red team / blue team / purple team exercises
• Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware
• Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
• Conduct cloud / server / network / middleware security configuration assessments
• Conduct architecture review for cloud / on-premise IT environments
• Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities
• Assist in continuously enhancing the existing security assessment methodologies
• Support in developing marketing and training materials to help develop staff awareness within the company and communicate KPMG's capabilities to clients
• Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
• Develop constructive client relationships, both inside and outside of KPMG
  
  
  

Experience & Background

• Bachelor’s degree in computer science, InformationTechnology, or related field.
• At least one professionally qualification required: CREST, GXPN, GPEN, GCTI, GWAPT, OSCE3, OSEP, OSWE, OSEP, OSCP, CRTE, eCPTX, CISSP, or other relevant qualifications.
• 2 years of relevant working experience preferred: Red/Blue/Purple Teaming, Web/Mobile/Network/OT/IoT/other Penetration Tests, Vulnerability Assessment, Source Code Review, Appliance/System/Cloud Configuration Review, Malware development, Social Engineering.
• Candidate with less experience will be considered as Consultant.
• Knowledge in threat intelligence, reverse engineering, security products, incident response, SOC operation or other related areas will be an advantage.
• Experience with at least one scripting language (e.g. Bash, PowerShell) or programming language (e.g. Python, C, Java) preferred.
• Able to understand basic networking concepts (e.g. routing, ALC, load balancers, SSL/TLS, TCP) is preferred.
• Understand the industry recognised testing standards and have knowledge of common red teaming tools·
• Knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability.
• Be able to conduct research and development and solve technical problems independently.
• Be able to work as part of a team, and at the same time being an independent self-starter·
• Have strong analytical, problem solving and inter-personal skills·
• Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences·
• Possess a recognised Degree in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline (STEM) is preferred·
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
  
  
  

Benefits we offer:

KPMG is looking for someone who is passionate about helping our clients with their cyber security challenges. In return, we are helping you to develop your skills and career within the KPMG network.

• Well-structured career development and learning path, 1-to-1 coaching by our cybersecurity professionals
• Access to various cyber security learning resources
• Wide exposure to working with leading financial institutions and corporations
• Continuous sponsorship and support on professional certificate development (i.e. Offensive Security, GIAC, CREST, etc.)
• Opportunities for secondment / exchange within KPMG Global network based on staff performance and preference
• Opportunities to attend KPMG overseas Global Cyber Events – such as HackNet / BlackHat
• One annual professional membership sponsorship on the approved list
• Work in a passionate team with blended cybersecurity talents
  
  
  

About KPMG

At KPMG China, we are committed to being an equal opportunity employer, with zero tolerance for any form of discrimination against any persons. It is important for us to create an inclusive, diverse and agile workplace for our people to develop and thrive at both a personal and professional level.

We strive to make ESG (environmental, social and governance) a watermark running through our organisation; from empowering our people to become agents of positive change, to providing better solutions and services to our clients to help them achieve their ESG goals. View Our Impact Plan to learn more about our ESG commitments and progress across four key pillars - Governance, People, Planet and Prosperity – and how we make a positive impact on our people, environment and society.

We encourage you to come as you are, and we welcome all qualified candidates to apply, and hope you unlock opportunities with us. Visit KPMG China website for more company information.

You acknowledge and agree that all personal information hereby provided regarding yourself will be used by KPMG China for its candidate selection purposed only. KPMG China collects, uses, processes, and retains your personal information in accordance with KPMG China’s Online Privacy Statement and/or KPMG China Privacy Statement (collectively "Privacy Statement "). During the recruitment process, KPMG China may need to store personal information of candidates in a designated third-party application tracking platform.

If you have any questions regarding the information you provided in the form or your job application in general, please contact KPMG China’s HR personnel in the location where your application is submitted (see here).

Seniority level

• Seniority level Entry level

Employment type

• Employment type Full-time

Job function

• Job function Engineering and Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

Sign in to set job alerts for “Senior Java Consultant” roles. Senior Java Backend Developer - Web3 / Fintech / Financial Services (Senior) Staff Engineer - Java (Compliance Platform) Principal/Senior Engineer - Core - Platform Tool (Java) Senior/Staff Java Trading Developer, Liquidity Platform Principal/Senior Java Engineer - Multi-Language & Localization Lead Software Engineer, Java, Order Management System for Equities Trading Senior Engineer - Compliance Platform(Java) Principal/Senior Java Engineer - Defi - Earn Senior Engineer - Java (Exchange Platform - Financial Product) Lead Software Engineer, Electronic Trading Technology, Java Principal/Senior Engineer - Defi - Explorer(Java)

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350)

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350) role at KPMG China

Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350)

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350) role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.
Service Line Overview
At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.
KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.
Our wide range of projects includes Cyber Strategy, Cyber Digital Transformation, Governance & Risk, as well as a strong presence in Penetration Testing or Ethical Hacking. We are keen to speaking with cyber security specialists with various expertise and experiences to join our growth story.
We are now seeking Consultant/ Senior Consultant candidates for Cyber Defense Team.
Key Responsibilities

• Perform vulnerability assessment and penetration tests on different platforms and technologies
• Simulate real-time cyber-attacks using red team / blue team / purple team exercises
• Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware
• Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
• Conduct cloud / server / network / middleware security configuration assessments
• Conduct architecture review for cloud / on-premise IT environments
• Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities
• Assist in continuously enhancing the existing security assessment methodologies
• Support in developing marketing and training materials to help develop staff awareness within the company and communicate KPMG's capabilities to clients
• Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
• Develop constructive client relationships, both inside and outside of KPMG
  

Experience & Background

• Bachelor’s degree in computer science, InformationTechnology, or related field.
• At least one professionally qualification required: CREST, GXPN, GPEN, GCTI, GWAPT, OSCE3, OSEP, OSWE, OSEP, OSCP, CRTE, eCPTX, CISSP, or other relevant qualifications.
• 2 years of relevant working experience preferred: Red/Blue/Purple Teaming, Web/Mobile/Network/OT/IoT/other Penetration Tests, Vulnerability Assessment, Source Code Review, Appliance/System/Cloud Configuration Review, Malware development, Social Engineering.
• Candidate with less experience will be considered as Consultant.
• Knowledge in threat intelligence, reverse engineering, security products, incident response, SOC operation or other related areas will be an advantage.
• Experience with at least one scripting language (e.g. Bash, PowerShell) or programming language (e.g. Python, C, Java) preferred.
• Able to understand basic networking concepts (e.g. routing, ALC, load balancers, SSL/TLS, TCP) is preferred.
• Understand the industry recognised testing standards and have knowledge of common red teaming tools·
• Knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability.
• Be able to conduct research and development and solve technical problems independently.
• Be able to work as part of a team, and at the same time being an independent self-starter·
• Have strong analytical, problem solving and inter-personal skills·
• Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences·
• Possess a recognised Degree in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline (STEM) is preferred·
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
  

Benefits we offer:
KPMG is looking for someone who is passionate about helping our clients with their cyber security challenges. In return, we are helping you to develop your skills and career within the KPMG network.

• Well-structured career development and learning path, 1-to-1 coaching by our cybersecurity professionals
• Access to various cyber security learning resources
• Wide exposure to working with leading financial institutions and corporations
• Continuous sponsorship and support on professional certificate development (i.e. Offensive Security, GIAC, CREST, etc.)
• Opportunities for secondment / exchange within KPMG Global network based on staff performance and preference
• Opportunities to attend KPMG overseas Global Cyber Events – such as HackNet / BlackHat
• One annual professional membership sponsorship on the approved list
• Work in a passionate team with blended cybersecurity talents
  

About KPMG
At KPMG China, we are committed to being an equal opportunity employer, with zero tolerance for any form of discrimination against any persons. It is important for us to create an inclusive, diverse and agile workplace for our people to develop and thrive at both a personal and professional level.
We strive to make ESG (environmental, social and governance) a watermark running through our organisation; from empowering our people to become agents of positive change, to providing better solutions and services to our clients to help them achieve their ESG goals. View Our Impact Plan to learn more about our ESG commitments and progress across four key pillars - Governance, People, Planet and Prosperity – and how we make a positive impact on our people, environment and society.
We encourage you to come as you are, and we welcome all qualified candidates to apply, and hope you unlock opportunities with us. Visit KPMG China website for more company information.
You acknowledge and agree that all personal information hereby provided regarding yourself will be used by KPMG China for its candidate selection purposed only. KPMG China collects, uses, processes, and retains your personal information in accordance with KPMG China’s Online Privacy Statement and/or KPMG China Privacy Statement (collectively "Privacy Statement "). During the recruitment process, KPMG China may need to store personal information of candidates in a designated third-party application tracking platform.
If you have any questions regarding the information you provided in the form or your job application in general, please contact KPMG China’s HR personnel in the location where your application is submitted (see here). Seniority level

• Seniority level Entry level

Employment type

• Employment type Full-time

Job function

• Job function Engineering and Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

Sign in to set job alerts for “Senior Java Consultant” roles. Senior Java Backend Developer - Web3 / Fintech / Financial Services (Senior) Staff Engineer - Java (Compliance Platform) Principal/Senior Engineer - Core - Platform Tool (Java) Senior/Staff Java Trading Developer, Liquidity Platform Principal/Senior Java Engineer - Multi-Language & Localization Lead Software Engineer, Java, Order Management System for Equities Trading Senior Engineer - Compliance Platform(Java) Principal/Senior Java Engineer - Defi - Earn Senior Engineer - Java (Exchange Platform - Financial Product) Lead Software Engineer, Electronic Trading Technology, Java Principal/Senior Engineer - Defi - Explorer(Java)

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Associate Director, Data Security and Compliance

Join to apply for the Associate Director, Data Security and Compliance role at Manulife

Associate Director, Data Security and Compliance

2 weeks ago Be among the first 25 applicants

Join to apply for the Associate Director, Data Security and Compliance role at Manulife

The Asia Data Office (ADO) is a team of data professionals dedicated to enabling data as a strategic asset to drive business outcomes across Asia and the broader Asia segment. The team comprises Data Analysts, Architects, Engineers, and Business Intelligence professionals focused on delivering high-quality, accessible data for use cases spanning Business Intelligence, Digital Applications, and Advanced Analytics.

We are seeking a highly skilled and experienced Associate Director, Data Security and Compliance to spearhead the development and enforcement of access management frameworks and data risk policies across multiple data lakes in Asia, while ensuring alignment with global standards. This role is critical in maintaining regulatory compliance across ten markets and managing key data risks within the Asia Data Office.

Position Responsibilities

Access Management

• Framework Development: Design, implement, and maintain robust access management frameworks and policies to ensure secure and efficient data access across Asia’s data lakes.
• Policy Integration: Collaborate with global teams to align regional access policies with global standards.
• Access Controls: Regularly monitor and audit access controls to ensure compliance with internal policies and security protocols.
• User Access Management: Oversee role-based access provisioning, ensuring appropriate access levels based on responsibilities.
• Technology Enablement: Partner with IT and architecture teams to implement tools and technologies that support access governance.
  
  

Data Governance

• Governance Oversight: Ensure effective governance of data access, maintaining data integrity, security, and availability.
• Quality Initiatives: Lead efforts to standardize and harmonize data access processes across the region.
• Policy Enforcement: Ensure adherence to data governance policies by all stakeholders.
  
  

Regulatory Compliance

• Compliance Monitoring: Track and ensure compliance with data access regulations across ten markets, adapting policies as needed.
• Regulatory Liaison: Work closely with legal and compliance teams to meet local and international regulatory requirements.
• Documentation: Maintain clear and comprehensive documentation of access policies and procedures.
  
  

Data Risk Management

• Risk Identification & Mitigation: Identify, assess, and mitigate data privacy and security risks. Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
• Risk Execution: Own and execute Information Risk Assessments (IRAs) for the Asia Data Office.
• Audit & Compliance: Conduct regular audits to ensure ongoing compliance with privacy and security laws. Implement corrective actions as necessary.
• Incident Response: Lead response efforts for data breach incidents, including investigation, reporting, and remediation.
• Reporting: Provide regular updates on data risk status and mitigation strategies to the Asia Chief Data Officer and senior leadership.
• Training & Awareness: Develop and deliver training programs to promote a culture of privacy and data security awareness.
  
  

Coordination & Collaboration

• Cross-Functional Engagement: Collaborate with IT, legal, compliance, architecture, engineering, and business teams to ensure cohesive access management.
• Culture Building: Promote data stewardship and accountability across the organization.
• Solution Design: Work closely with solution and data architects to design access management solutions aligned with business and regulatory needs.
  
  

Required Qualifications

• Bachelor’s or Master’s degree in Information Technology, Data Science, Business Administration, or a related field.
• 8–10 years of experience in access management, data governance, or risk management.
• Experience in a multinational organization with a focus on Asia.
• Professional certifications such as CIPP, CRISC, or CDMP.
• Strong knowledge of access frameworks, governance policies, and regulatory compliance.
• Proficiency in technologies such as SQL, Oracle RDBMS, Microsoft Synapse, Azure Data Lake Storage (ADLS), Azure Data Factory, Cosmos DB, and Databricks.
• Foundational understanding of emerging technologies like Generative AI and OpenAI.
• Demonstrated experience in managing data risks and implementing mitigation strategies.
• Excellent leadership, communication, and stakeholder management skills.
• Ability to thrive in a fast-paced, dynamic environment with multiple priorities.
  
  

When You Join Our Team

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.
  
  

About Manulife And John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact

Working Arrangement

Hybrid

Seniority level

• Seniority level Mid-Senior level

Employment type

• Employment type Full-time

Job function

• Job function Other
• Industries Insurance

Referrals increase your chances of interviewing at Manulife by 2x

Get notified about new Director of Security jobs in Hong Kong, Hong Kong SAR .

Corporate Bank - Head of Securities Services - Director/ VP Director/ Deputy Director, Client Development

Shenzhen, Guangdong, China CN¥20,000.00-CN¥0,000.00 2 years ago

Treasury Director, Chinese Securities, 85k Security Operations Manager (MNC Retail) Manager, Infrastructure and Network Operations, Global IT Security and Operation Specialist (Asst Manager Level) Senior Operations Manager, Securities Brokerage

Shenzhen, Guangdong, China CN 0,000.00-CN 0,000.00 2 years ago

Security Architect - Director/Executive Level Data Engineer, Director P4, Institutional Securities Technology Manager/Associate Director, Cyber Security (Strategy, Governance & Risk), Technology Consulting Manager/Associate Director, Cyber Security (Simulated Attack), Technology Consulting Manager, Cyber Security Operations (MJ006042) Manager/Associate Director , Cloud Security, Technology Consulting Manager/Associate Director, Data Privacy and Protection, Technology Consulting Assistant Manager (Ant Bank - For Securities Operations) Manager - Professional Environment Services (Facilities & Office Operation) - Hong Kong(314235) Marketing Officer/ Senior Marketing Officer

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

**Associate Director, Data Security and Compliance**
The Asia Data Office (ADO) is a team of data professionals dedicated to enabling data as a strategic asset to drive business outcomes across Asia and the broader Asia segment. The team comprises Data Analysts, Architects, Engineers, and Business Intelligence professionals focused on delivering high-quality, accessible data for use cases spanning Business Intelligence, Digital Applications, and Advanced Analytics.
We are seeking a highly skilled and experienced Associate Director, Data Security and Compliance to spearhead the development and enforcement of access management frameworks and data risk policies across multiple data lakes in Asia, while ensuring alignment with global standards. This role is critical in maintaining regulatory compliance across ten markets and managing key data risks within the Asia Data Office.
**Position Responsibilities:**
**Access Management**
+ **Framework Development:** Design, implement, and maintain robust access management frameworks and policies to ensure secure and efficient data access across Asia's data lakes.
+ **Policy Integration:** Collaborate with global teams to align regional access policies with global standards.
+ **Access Controls:** Regularly monitor and audit access controls to ensure compliance with internal policies and security protocols.
+ **User Access Management:** Oversee role-based access provisioning, ensuring appropriate access levels based on responsibilities.
+ **Technology Enablement:** Partner with IT and architecture teams to implement tools and technologies that support access governance.
**Data Governance**
+ **Governance Oversight:** Ensure effective governance of data access, maintaining data integrity, security, and availability.
+ **Quality Initiatives:** Lead efforts to standardize and harmonize data access processes across the region.
+ **Policy Enforcement:** Ensure adherence to data governance policies by all stakeholders.
**Regulatory Compliance**
+ **Compliance Monitoring:** Track and ensure compliance with data access regulations across ten markets, adapting policies as needed.
+ **Regulatory Liaison:** Work closely with legal and compliance teams to meet local and international regulatory requirements.
+ **Documentation:** Maintain clear and comprehensive documentation of access policies and procedures.
**Data Risk Management**
+ **Risk Identification & Mitigation:** Identify, assess, and mitigate data privacy and security risks. Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
+ **Risk Execution:** Own and execute Information Risk Assessments (IRAs) for the Asia Data Office.
+ **Audit & Compliance:** Conduct regular audits to ensure ongoing compliance with privacy and security laws. Implement corrective actions as necessary.
+ **Incident Response:** Lead response efforts for data breach incidents, including investigation, reporting, and remediation.
+ **Reporting:** Provide regular updates on data risk status and mitigation strategies to the Asia Chief Data Officer and senior leadership.
+ **Training & Awareness:** Develop and deliver training programs to promote a culture of privacy and data security awareness.
**Coordination & Collaboration**
+ **Cross-Functional Engagement:** Collaborate with IT, legal, compliance, architecture, engineering, and business teams to ensure cohesive access management.
+ **Culture Building:** Promote data stewardship and accountability across the organization.
+ **Solution Design:** Work closely with solution and data architects to design access management solutions aligned with business and regulatory needs.
**Required Qualifications:**
+ Bachelor's or Master's degree in Information Technology, Data Science, Business Administration, or a related field.
+ 8-10 years of experience in access management, data governance, or risk management.
+ Experience in a multinational organization with a focus on Asia.
+ Professional certifications such as CIPP, CRISC, or CDMP.
+ Strong knowledge of access frameworks, governance policies, and regulatory compliance.
+ Proficiency in technologies such as SQL, Oracle RDBMS, Microsoft Synapse, Azure Data Lake Storage (ADLS), Azure Data Factory, Cosmos DB, and Databricks.
+ Foundational understanding of emerging technologies like Generative AI and OpenAI.
+ Demonstrated experience in managing data risks and implementing mitigation strategies.
+ Excellent leadership, communication, and stakeholder management skills.
+ Ability to thrive in a fast-paced, dynamic environment with multiple priorities.
**_When you join our team:_**
+ We'll empower you to learn and grow the career you want.
+ We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
+ As part of our global team, we'll support you in shaping the future you want to see.
**Acerca de Manulife y John Hancock**
Manulife Financial Corporation es un importante proveedor internacional de servicios financieros que ayuda a las personas a tomar decisiones de una manera más fácil y a vivir mejor. Para obtener más información acerca de nosotros, visite .
**Manulife es un empleador que ofrece igualdad de oportunidades**
En Manulife/John Hancock, valoramos nuestra diversidad. Nos esforzamos por atraer, formar y retener una fuerza laboral tan diversa como los clientes a los que prestamos servicios, y para fomentar un entorno laboral inclusivo en el que se aprovechen las fortalezas de las culturas y las personas. Estamos comprometidos con la equidad en las contrataciones, la retención de talento, el ascenso y la remuneración, y administramos todas nuestras prácticas y programas sin discriminación por motivos de raza, ascendencia, lugar de origen, color, origen étnico, ciudadanía, religión o creencias religiosas, credo, sexo (incluyendo el embarazo y las afecciones relacionadas con este), orientación sexual, características genéticas, condición de veterano, identidad de género, expresión de género, edad, estado civil, estatus familiar, discapacidad, o cualquier otro aspecto protegido por la ley vigente.
Nuestra prioridad es eliminar las barreras para garantizar la igualdad de acceso al empleo. Un representante de Recursos Humanos trabajará con los solicitantes que requieran una adaptación razonable durante el proceso de solicitud. Toda la información que se haya compartido durante el proceso de solicitud de adaptación se almacenará y utilizará de manera congruente con las leyes y las políticas de Manulife/John Hancock correspondientes. Para solicitar una adaptación razonable en el proceso de solicitud, envíenos un mensaje a .
**Modalidades de Trabajo**
Híbrido