What Jobs are available for Security Assessment in Hong Kong?

Client Description

Company Description: A leading technology, media, and telecommunication provider with over 150 years of history in Hong Kong. It offers comprehensive connectivity, smart living, and end-to-end enterprise solutions for local and international businesses.

Location: Central

Nature: Renewable Contract for 12 months

Job Description

• Act as the Primary Point of Contact for all local security-related requests and requirements.
• Coordinate with internal security stakeholders to efficiently address issues and ensure smooth communication flow.
• Conduct proactive Vulnerability and Common Vulnerabilities and Exposures (CVE) research that impacts the company's local systems and applications.
• Provide timely mitigation guidance, including recommendations for patches, configuration adjustments, or compensating controls.
• Test security patches in lower environments, such as Development and Sandbox, prior to deployment in production.
• Create and share production-ready commands and scripts for the validation of security fixes in the production environment.
• Perform penetration testing on local applications as requested by the security team.
• Validate security fixes and provide re-test reports to confirm the successful closure of identified issues.
• Assist the team in meeting fundamental compliance requirements through documentation, evidence gathering, and control validation.
• Provide advisory support on aligning security practices with applicable regional regulatory standards.

Job Requirements

• Possess three to four years of relevant experience in a security-focused role.
• AWS Cloud certification is mandatory for this position.
• Penetration testing certification is highly preferred.
• Demonstrated expert knowledge and experience in applying AWS cloud security best practices.
• Proven ability to support an application security program through secure design reviews, threat modeling, and code-level security guidance.
• Excellent problem-solving and analytical skills to research and resolve complex security issues.
• Strong communication and coordination skills to effectively liaise with technical and non-technical stakeholders.

FSO Consulting – Technology Risk – Penetration Testing & Purple Team – Senior Consultant/Consultant – Hong Kong

At EY, we're all in to shape your future with confidence.

We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Join EY and help to build a better working world.

The Opportunity

Technology compliance, licensing, governance setup, massive data storage and related privacy security, virtual asset management, and resilience of the business require rigorous technology risk measures to safeguard the crown jewels and comply with regulatory requirements. support businesses to identify and manage risks while enhancing their agility.

Join EY's Technology Risk and Cyber Team and become a key player in defending against cyber threats. As a Senior Consultant, you will work with top-tier talent in a collaborative environment, tackling complex cybersecurity challenges and simulating real-world cyber-attacks. At EY, you will also guide clients to manage technology risks, comply with regulatory requirements, and strengthen their cybersecurity posture. You will apply your technical skills to help businesses identify and manage risks while enhancing their agility.

Your key responsibilities

Under the leadership of the project manager, you will:

• Conduct Technology Compliance Reviews
  : Assess institutions in banking, wealth and asset management, and insurance across Hong Kong, the Greater Bay Area, and other regions.
• IT Risk Assurance
  : Deliver quality, independent audits of financial systems to ensure integrity and compliance.
• Risk Analysis & Controls Evaluation
  : Analyze IT environments, identify risks, and evaluate controls (including cloud security) according to regulatory requirements and industry best practices.
• Vulnerability Assessment & Penetration Testing
  : Perform in-depth vulnerability scans and penetration tests to uncover security risks.
• Cyber-Attack Simulation
  : Simulate real-world attacks to identify vulnerabilities and recommend cybersecurity improvements.
• IT System Architecture Review
  : Evaluate IT system architectures and configurations.
• Incident Response
  : Respond promptly to security incidents and support clients in managing and recovering from breaches.

What we look for

• A Bachelor's degree or Master's degree preferably in one of the following areas: Information Security, Information Systems, Computer Science, Engineering, and other related majors.
• 1-4 years of relevant experience in penetration testing, offensive security assessments, or Purple Team engagements (consulting experience preferred).
• Industry-recognized certifications such as OSCP, OSWE, OSEP, OSEE, GPEN, CRTO, GXPN, CRTP, CRTE, or equivalent. Candidates who are actively pursuing these certifications are also encouraged to apply.
• Strong knowledge of security frameworks, protocols, and attack vectors (e.g., OWASP, MITRE ATT&CK, NIST, ISO).
• Experience with vulnerability assessment and penetration testing tools (e.g., Burp Suite, Nmap, Metasploit, Nessus, Cobalt Strike, BloodHound, PowerShell).
• Understanding of TCP/IP, DNS, VPNs, firewalls, and network protocols.
• Strong knowledge of cloud security, secure development practices, and crafting/red teaming offensive infrastructure.
• Familiarity with Windows and Linux environments, including Active Directory attacks, lateral movement, and persistence techniques.
• Experience in incident response, threat hunting, and malware analysis.
• Familiarity with security event analysis, incident response, and computer forensics tools.
• Experience in bypassing modern defensive controls (e.g., EDRs, network defenses, email filters).
• Experience in performing digital forensics and incident response analysis (e.g., network, application/log analysis, disk forensics, memory forensics, malware analysis, cloud forensics, endpoint forensics). Expert knowledge of common security tools (including EDR, DLP, UEBA, SIEM, SOAR, and other related forensics platforms) is a plus.
• Knowledge of SQL, Python or other programming languages would be considered as an advantage
• Candidates with less experience may be considered for the Consultant role

What we offer you

At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more.

Are you ready to shape your future with confidence? Apply today.

To help create an equitable and inclusive experience during the recruitment process, please inform us as soon as possible about any disability-related adjustments or accommodations you may need.

EY
| Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

My client seeking a highly skilled and experienced Senior Manager to oversee and lead our IT infrastructure, IT security, and compliance functions. The ideal candidate will possess extensive knowledge and expertise in managing IT systems, ensuring data security, and ensuring compliance with regulations across Hong Kong, China, and Southeast Asia. This role requires strong leadership abilities, strategic thinking, and the ability to collaborate effectively with cross-functional teams.

Role & Responsibilities

• Provide strong leadership and guidance to the IT infrastructure, IT security, and compliance teams, fostering a positive and collaborative work environment.
• Develop and execute strategic plans for IT infrastructure, IT security, and compliance, aligning them with the organization's overall objectives.
• Identify emerging trends, technologies, and industry best practices, and assess their potential impact on the organization.
  
  Drive innovation and process improvements to optimize IT infrastructure, security, and compliance operations
• Set clear goals and expectations for team members, ensuring alignment with organizational objectives.
• Mentor and develop team members, providing ongoing coaching, feedback, and opportunities for growth.
• Foster a culture of continuous learning and innovation within the team, encouraging the adoption of new technologies and best practices.
• Monitor and report on key performance indicators (KPIs) to measure the effectiveness of IT initiatives and identify areas for improvement.
  
  Collaborate with senior management and stakeholders to provide strategic recommendations and insights on IT infrastructure, security, and compliance matters.
• Collaborate with HR for recruitment, onboarding, and talent acquisition strategies to build a high-performing team.
• Promote effective communication and collaboration across cross-functional teams, ensuring seamless coordination and cooperation.

Skills & Qualifications

• Bachelor's or Master's degree in Computer Science, Information Technology, or a related field.
• Extensive experience (10+ years) in IT infrastructure management, IT security, and compliance.
• Strong knowledge of IT infrastructure technologies, including networks, servers, storage systems, virtualization, and cloud computing.
• In-depth understanding of IT security principles, practices, and technologies, including firewalls, intrusion detection systems, encryption, and vulnerability management.
• Experience in implementing and managing IT compliance programs, such as ISO 27001, GDPR / China DSL, and local data protection regulations.
• Proven leadership and team management skills, with the ability to inspire and motivate team members.
• Excellent communication and interpersonal skills, with the ability to collaborate with stakeholders at all levels.
• Experience working in HK, CN, and SEA regions, and familiarity with the respective regulatory environments.

This is a fantastic opportunity and great project to work with 5 working days a week, hybrid working mode, comprehensive remuneration packages and great working environment. We are hiring within the week and If you think this role is suitable for you please send your CV to or call on

The Asia Data Office (ADO) is a team of data professionals dedicated to enabling data as a strategic asset to drive business outcomes across Asia and the broader Asia segment. The team comprises Data Analysts, Architects, Engineers, and Business Intelligence professionals focused on delivering high-quality, accessible data for use cases spanning Business Intelligence, Digital Applications, and Advanced Analytics.

We are seeking a highly skilled and experienced Associate Director, Data Security and Compliance to spearhead the development and enforcement of access management frameworks and data risk policies across multiple data lakes in Asia, while ensuring alignment with global standards. This role is critical in maintaining regulatory compliance across ten markets and managing key data risks within the Asia Data Office.

Position Responsibilities
Access Management

• Framework Development: Design, implement, and maintain robust access management frameworks and policies to ensure secure and efficient data access across Asia's data lakes.
• Policy Integration: Collaborate with global teams to align regional access policies with global standards.
• Access Controls: Regularly monitor and audit access controls to ensure compliance with internal policies and security protocols.
• User Access Management: Oversee role-based access provisioning, ensuring appropriate access levels based on responsibilities.
• Technology Enablement: Partner with IT and architecture teams to implement tools and technologies that support access governance.

Data Governance

• Governance Oversight: Ensure effective governance of data access, maintaining data integrity, security, and availability.
• Quality Initiatives: Lead efforts to standardize and harmonize data access processes across the region.
• Policy Enforcement: Ensure adherence to data governance policies by all stakeholders.

Regulatory Compliance

• Compliance Monitoring: Track and ensure compliance with data access regulations across ten markets, adapting policies as needed.
• Regulatory Liaison: Work closely with legal and compliance teams to meet local and international regulatory requirements.
• Documentation: Maintain clear and comprehensive documentation of access policies and procedures.

Data Risk Management

• Risk Identification & Mitigation: Identify, assess, and mitigate data privacy and security risks. Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
• Risk Execution: Own and execute Information Risk Assessments (IRAs) for the Asia Data Office.
• Audit & Compliance: Conduct regular audits to ensure ongoing compliance with privacy and security laws. Implement corrective actions as necessary.
• Incident Response: Lead response efforts for data breach incidents, including investigation, reporting, and remediation.
• Reporting: Provide regular updates on data risk status and mitigation strategies to the Asia Chief Data Officer and senior leadership.
• Training & Awareness: Develop and deliver training programs to promote a culture of privacy and data security awareness.

Coordination & Collaboration

• Cross-Functional Engagement: Collaborate with IT, legal, compliance, architecture, engineering, and business teams to ensure cohesive access management.
• Culture Building: Promote data stewardship and accountability across the organization.
• Solution Design: Work closely with solution and data architects to design access management solutions aligned with business and regulatory needs.

Required Qualifications

• Bachelor's or Master's degree in Information Technology, Data Science, Business Administration, or a related field.
• 8–10 years of experience in access management, data governance, or risk management.
• Experience in a multinational organization with a focus on Asia.
• Professional certifications such as CIPP, CRISC, or CDMP.
• Strong knowledge of access frameworks, governance policies, and regulatory compliance.
• Proficiency in technologies such as SQL, Oracle RDBMS, Microsoft Synapse, Azure Data Lake Storage (ADLS), Azure Data Factory, Cosmos DB, and Databricks.
• Foundational understanding of emerging technologies like Generative AI and OpenAI.
• Demonstrated experience in managing data risks and implementing mitigation strategies.
• Excellent leadership, communication, and stakeholder management skills.
• Ability to thrive in a fast-paced, dynamic environment with multiple priorities.

When You Join Our Team

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

About Manulife And John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit

Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact

Working Arrangement
Hybrid

Job Responsibilities

● Plan lead and manage IT Security, Cyber Security protection

● Responsible for safety reinforcement for various systems of the company

● Conduct safety assessment tests (black box and white box) on the company's website and business system

● Respond to company security incidents, clear back doors, and analyze attack paths according to logs

● Carry out security technology research, including security preventiontechnology, hacker technology, etc.

● Organize and implement regular vulnerability scanning, penetration testing, security drills, offensive and defense drills, etc.

Job Requirements

● Bachelor Degree or above with one of the ECF-C certification: CISSP, CISA, CISM, CRISC, CEH

● 5 years or above experience on Cyber security protection

● Familiar with attack and defense technology including SQL injection XSS cross-site, CSRF forgery request command execution and other security vulnerabilities and defense

● Familiar with mainstream security tools including Kali Linux, Metasploit Nessus Nmap AWVS Burp Appscan etc.

● Familiar with Linux/Windows Apache Nginx LAMP/LNMP, Oracle/MySQL

● Deep understanding of network security, system security, application security, web security as a whole with certain code audit and vulnerability analysis and mining capabilities

● Master at least one programming language C/JS/Python/PHP/Java/JS, etc.

● Familiar with mainstrain IPS/WAF/UEBA/SIEM/Honeypot

● Strong team spirit and sense of responsibility with good documentation and communication skills

● Good command of spoken and written English and Chinese, including Putonghua

Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.

IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.

Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

Job Description

Interactive Brokers Hong Kong Limited ("IBHK") is expanding its Risk Assessment Team (RA) within the New Accounts Department at our Hong Kong office. We are searching for candidates with prior experience in the financial services industry, exceptional attention to detail, and strong communication skills. The RA department liaises with Interactive Brokers' retail and professional clients.

The IBHK RA is accountable for providing high-quality reviews of Anti-Money Laundering (AML), Know-Your-Customer (KYC), sanctions, and Politically Exposed Persons (PEP) issues for retail customers, financial advisors, hedge fund operators, and other broker-dealers. We aim to facilitate client onboarding by providing regulatory and compliance guidance while building and maintaining long-term client relationships as we expand our global service offerings.

Responsibilities

• Perform Enhanced Due Diligence (EDD) reviews on individual and corporate applications following policies and desktop procedures; identify and escalate potential AML risks
  
  Analyze and verify source of funds/wealth information through public domain sources or documentation
• Investigate and process alerts from multiple queues, sourcing information as appropriate from external sources and/or internal personnel to investigate and process alerts effectively
• Evaluate and resolve negative news and/or red flags or potential PEP matches escalated by other New Account Teams
• Run checks in the Offshore Leaks Database and conduct public domain searches for negative information related to applicants and associated entities
• Provide advice on issues and escalations to other New Account Teams to address difficult applications and independently recommend risk-based decisions to AML
• Responsible for timely escalation of suspected financial crime to AML
• Work closely with other New Account Teams and AML to review and evaluate all financial crime risks

Qualifications, Skills & Attributes

• Bachelor's degree
• Experience: 2–3 years in client service and/or financial services preferred. Fresh graduates with a relevant academic background who are motivated and demonstrate the right aptitude will also be considered
• Minimum of 2 years' experience and familiarity, preferably gained in a brokerage or corporate banking environment, with onboarding or reviewing high-risk client relationships and conducting EDD
• Excellent written and oral communication skills in English and Cantonese; Mandarin is advantageous
• Strong research, investigatory, and problem-solving skills
• Ability to make risk-based recommendations and articulate them persuasively to other departments
• Able to multitask across various projects and firm initiatives
• Prior experience in a highly automated environment and/or a high degree of comfort with computers and technology
• Intermediate experience with MS Outlook, MS Word, and MS Excel
• Ability to work and thrive in a fast-paced, medium-sized office environment

Core Competencies

• Ability to identify, analyze, and escalate complex issues
• Excellent troubleshooting and problem-resolution skills
• Takes personal responsibility for identifying client needs while providing a high-value experience
• Efficient, self-motivated, and hard-working
• Able to multitask in a high-pressure environment

Company Benefits & Perks

• Competitive salary, annual performance-based bonus, and stock grant
• Excellent health and welfare benefits including medical, dental, specialist, and inpatient coverage
• Competitive annual leave package
• Daily lunch ordered in-house with a fully stocked kitchen
• Modern offices with multi-monitor setups
• Great work-life balance
• Unique opportunity to gain exposure to global financial products, markets, and clientele
• Opportunities for career progression and job scope expansion in a global company with a growing local presence
• Hybrid work arrangement, where permitted

• Handle the risk requirement and reporting related to other risks on departmental level
• Handle all sorts of business action plan and strategy report of the department
• Assist to conduct regular analysis to identify emerging AML/CFT risks faced by the Bank and other relevant changes of risk
• Provide comment independently and assist on the development and design, review and ongoing optimization of the AML /CFT risk assessment framework and relevant model
• Follow-up and conduct monitoring on the recommendations made to the model by internal and external auditor, regulator and other compliance team

• Bachelor degree or above in related disciplines
• Required to obtain CAMLP of HKAB or other internationally recognized professional qualifications
• 5 years or above of working experience in banking, law enforcement and regulatory institution or other industry related to AML and sanctions compliance
• Candidate with more experience would be considered as Senior AML Manager
• Require to master at least 1 or more of the following key fields:  AML policy and compliance requirement; customer and product due diligence; AML risk model; compliance review; formulate business and product risk control measures; suspicious transaction case investigation; AML system model management; fraud and corruptions risk control, prevent and investigation
• Good command of execution capabilities, independently and proactively coordinate with each team to implement relevant control measures and requirement to ensure completing the work timely
• Good command of analytic capabilities, conduct analysist on all sorts of data and information, propose risk points in various fields and make recommendations on corresponding controls
• Good command of communication skills and capabilities to organize report and information, coordinate the communication among each divisions and departments proactively and process information efficiently and systematically
• Good command of both written and spoken English and Chinese and report writing ability
• Agree and carry out corporate values, abide by law and regulations and be responsible and dedicated

• Handle the risk requirement and reporting related to other risks on departmental level
• Handle all sorts of business action plan and strategy report of the department
• Assist to conduct regular analysis to identify emerging AML/CFT risks faced by the Bank and other relevant changes of risk
• Provide comment independently and assist on the development and design, review and ongoing optimization of the AML /CFT risk assessment framework and relevant model
• Follow-up and conduct monitoring on the recommendations made to the model by internal and external auditor, regulator and other compliance team

• Bachelor degree or above in related disciplines
• Required to obtain CAMLP of HKAB or other internationally recognized professional qualifications
• 5 years or above of working experience in banking, law enforcement and regulatory institution or other industry related to AML and sanction compliance
• Require to master at least 1 or more of the following key fields: AML policy and compliance requirement; customer and product due diligence; AML risk model; compliance review; formulate business and product risk control measures; suspicious transaction case investigation; AML system model management; fraud and corruptions risk control, prevent and investigation
• Good command of execution capabilities, independently and proactively coordinate with each team to implement relevant control measures and requirement to ensure completing the work timely
• Good command of analytic capabilities, conduct analysist on all sorts of data and information, propose risk points in various fields and make recommendations on corresponding controls
• Good command of communication skills and capabilities to organize report and information, coordinate the communication among each divisions and departments proactively and process information efficiently and systematically
• Good command of both written and spoken English and Chinese and report writing ability
• Agree and carry out corporate values, abide by law and regulations and be responsible and dedicated

• Coordinate other risk-related control requirements and reporting at the department level
• Coordinate business action plans, strategy reports, and other initiatives within the headquarters
• Conduct periodic analysis to identify emerging money laundering and terrorist financing risks faced by the Bank and related risk changes
• Provide independent advice and support for the development, design, review, and continuous improvement of the ML/TF risk assessment framework and related models
• Monitor follow-up actions on model recommendations made by internal/external auditors, regulators, and other compliance teams
• Supervise and support the subordinates

• Bachelor degree or above in Law, Banking and Finance, Accounting or related disciplines
• Relevant qualification in CAMS, ECF (AML/CFT) Core Level, FRM, CPA, ACCA will be an advantage
• Prior experience in IT audit is preferred
• Good Knowledge in one or more of key areas on AML policies and compliance requirements, customer and product due diligence, AML risk modeling, compliance inspections, development of business and product risk control measures, suspicious transaction case investigations, AML system model management, fraud and corruption risk prevention and investigation.
• Strong execution capabilities, independently and proactively coordinating across teams to implement relevant control measures and requirements, ensuring timely completion of tasks
• Possess analytical skills to analyze diverse data and information, identify risk points across domains, and propose corresponding controls
• Excellent communication and report/information organization capabilities
• Exhibit project promotion capabilities to actively coordinate and drive projects assigned by superiors