What Jobs are available for Security Auditor in Hong Kong?

• Handle the risk requirement and reporting related to other risks on departmental level
• Handle all sorts of business action plan and strategy report of the department
• Assist to conduct regular analysis to identify emerging AML/CFT risks faced by the Bank and other relevant changes of risk
• Provide comment independently and assist on the development and design, review and ongoing optimization of the AML /CFT risk assessment framework and relevant model
• Follow-up and conduct monitoring on the recommendations made to the model by internal and external auditor, regulator and other compliance team

• Bachelor degree or above in related disciplines
• Required to obtain CAMLP of HKAB or other internationally recognized professional qualifications
• 5 years or above of working experience in banking, law enforcement and regulatory institution or other industry related to AML and sanctions compliance
• Candidate with more experience would be considered as Senior AML Manager
• Require to master at least 1 or more of the following key fields:  AML policy and compliance requirement; customer and product due diligence; AML risk model; compliance review; formulate business and product risk control measures; suspicious transaction case investigation; AML system model management; fraud and corruptions risk control, prevent and investigation
• Good command of execution capabilities, independently and proactively coordinate with each team to implement relevant control measures and requirement to ensure completing the work timely
• Good command of analytic capabilities, conduct analysist on all sorts of data and information, propose risk points in various fields and make recommendations on corresponding controls
• Good command of communication skills and capabilities to organize report and information, coordinate the communication among each divisions and departments proactively and process information efficiently and systematically
• Good command of both written and spoken English and Chinese and report writing ability
• Agree and carry out corporate values, abide by law and regulations and be responsible and dedicated

• Handle the risk requirement and reporting related to other risks on departmental level
• Handle all sorts of business action plan and strategy report of the department
• Assist to conduct regular analysis to identify emerging AML/CFT risks faced by the Bank and other relevant changes of risk
• Provide comment independently and assist on the development and design, review and ongoing optimization of the AML /CFT risk assessment framework and relevant model
• Follow-up and conduct monitoring on the recommendations made to the model by internal and external auditor, regulator and other compliance team

• Bachelor degree or above in related disciplines
• Required to obtain CAMLP of HKAB or other internationally recognized professional qualifications
• 5 years or above of working experience in banking, law enforcement and regulatory institution or other industry related to AML and sanction compliance
• Require to master at least 1 or more of the following key fields: AML policy and compliance requirement; customer and product due diligence; AML risk model; compliance review; formulate business and product risk control measures; suspicious transaction case investigation; AML system model management; fraud and corruptions risk control, prevent and investigation
• Good command of execution capabilities, independently and proactively coordinate with each team to implement relevant control measures and requirement to ensure completing the work timely
• Good command of analytic capabilities, conduct analysist on all sorts of data and information, propose risk points in various fields and make recommendations on corresponding controls
• Good command of communication skills and capabilities to organize report and information, coordinate the communication among each divisions and departments proactively and process information efficiently and systematically
• Good command of both written and spoken English and Chinese and report writing ability
• Agree and carry out corporate values, abide by law and regulations and be responsible and dedicated

• Coordinate other risk-related control requirements and reporting at the department level
• Coordinate business action plans, strategy reports, and other initiatives within the headquarters
• Conduct periodic analysis to identify emerging money laundering and terrorist financing risks faced by the Bank and related risk changes
• Provide independent advice and support for the development, design, review, and continuous improvement of the ML/TF risk assessment framework and related models
• Monitor follow-up actions on model recommendations made by internal/external auditors, regulators, and other compliance teams
• Supervise and support the subordinates

• Bachelor degree or above in Law, Banking and Finance, Accounting or related disciplines
• Relevant qualification in CAMS, ECF (AML/CFT) Core Level, FRM, CPA, ACCA will be an advantage
• Prior experience in IT audit is preferred
• Good Knowledge in one or more of key areas on AML policies and compliance requirements, customer and product due diligence, AML risk modeling, compliance inspections, development of business and product risk control measures, suspicious transaction case investigations, AML system model management, fraud and corruption risk prevention and investigation.
• Strong execution capabilities, independently and proactively coordinating across teams to implement relevant control measures and requirements, ensuring timely completion of tasks
• Possess analytical skills to analyze diverse data and information, identify risk points across domains, and propose corresponding controls
• Excellent communication and report/information organization capabilities
• Exhibit project promotion capabilities to actively coordinate and drive projects assigned by superiors

Job Description:

• Minimum of 4 years of experience in information security or a similar role.
• Strong understanding of information security principles, standards, and best practices.
• General knowledge in industry regulations and framework such as NIST Cybersecurity Framework, ISO27001 or PCI DSS.
• Experience with security assessment tools and techniques.
• Knowledge in network and system security, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Relevant certifications such as CISSP, CISM, or CEH are desirable.

About Pure Software:

PureSoftware, a wholly owned subsidiary of Happiest Minds Technologies, is a global software products and digital services company. PureSoftware has been driving transformation for the world's top organizations across various industry verticals, including banking, financial services, and insurance, life sciences and healthcare, high tech and communications, retail and logistics, and gaming and entertainment. Arttha, from PureSoftware, is a globally trusted financial technology platform.

PureSoftware is Great Place to Work Certified in India for the third consecutive year

Job Purpose:

Assist Head of Information Security to ensure adequate and effective controls are in place.

Main Responsibilities:

• Support security tools including network firewall, DLP, SIEM, vulnerability scanning,
• micro-segmentation
• Review the firewall rule change requests; conduct the modification or reject if the request
• may expose the Group to unacceptable risk
• Act as project manager role on information security projects
• Provide technical guidance to systems and network team regarding security configurations
• Analyse cybersecurity incidents and make recommendations on remedial actions.
• Define and design adequate security controls to maintain secure control environment.
• Conduct regular security assessment on systems, network and IT infrastructure
• Provide security advisory service to stakeholders on new initiatives and development
• projects.
• Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill
• in regular basis.
• Monitor and govern external service providers, including both outsourcing service
• providers and connected third parties, to deliver the services as per the Group's security
• requirements.

Incumbent Requirements:

• Minimum 6 years of relevant work experience in technology risk, information security
• and cybersecurity
• University graduate in Computer Science / Information Technology or equivalent.

• One or more certificates listed below:

• ISC2 Certified Information Security Professional (CISSP)

• ISACA Certified Information System Auditor (CISA)
• ISACA Certified Information Security Manager (CISM)
• ISC2 Certified Cloud Security Professional (CCSP)
• Good knowledge in cybersecurity, Intrusion Detection/Prevention System and
• application security of finance/banking systems, in particular hands on experience in
• firewall management
• Experience in regulators' requirement on technology risk management including the
• Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls
• Framework of SWIFT
• Strong information security sense in relation to business requirements
• Mature, independent and able to deliver quality results under tight schedule

Please note that only shortlisted candidates will be notified.

Job Purpose:

Assist Head of Information Security to ensure adequate and effective controls are in place.

Main Responsibilities:

• Support security tools including network firewall, DLP, SIEM, vulnerability scanning, micro-segmentation;
• Review the firewall rule change requests; conduct the modification or reject if the request may expose the Group to unacceptable risk;
• Act as project manager role on information security projects;
• Provide technical guidance to systems and network team regarding security configurations;
• Analyse cybersecurity incidents and make recommendations on remedial actions;
• Define and design adequate security controls to maintain secure control environment;
• Conduct regular security assessment on systems, network and IT infrastructure;
• Provide security advisory service to stakeholders on new initiatives and development projects;
• Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill in regular basis;
• Monitor and govern external service providers, including both outsourcing service providers and connected third parties, to deliver the services as per the Group's security requirements.

Incumbent Requirements:

• Minimum 6 years of relevant work experience in technology risk, information security and cybersecurity;
• University graduate in Computer Science / Information Technology or equivalent;

• One or more certificates listed below:

• ISC2 Certified Information Security Professional (CISSP)

• ISACA Certified Information System Auditor (CISA)

• ISACA Certified Information Security Manager (CISM)

• ISC2 Certified Cloud Security Professional (CCSP)

• Good knowledge in cybersecurity, Intrusion Detection/Prevention System and application security of finance/banking systems, in particular hands on experience in firewall management;

• Experience in regulators' requirement on technology risk management including the Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls Framework of SWIFT;
• Strong information security sense in relation to business requirements;
• Mature, independent and able to deliver quality results under tight schedule.

Please note that only shortlisted candidates will be notified.

Position Overview

We are seeking an experienced and strategically minded Information Security Officer to join our organization. In this role, you will be the key architect and executor of the company's information security strategy, responsible for building, maintaining, and continuously optimizing our information security framework.

Your work will play a critical role in protecting our core trading systems, sensitive client data, and essential business infrastructure—ensuring that our operations remain secure, stable, and compliant with global financial regulatory standards.

Key Responsibilities

Strategy and Governance

• Develop, implement, and continuously refine the company's overall information security strategy, roadmap, and policy framework.
• Report the organization's security posture, major risks, and governance updates to senior management and the board of directors.
• Establish and promote a strong information security culture across the organization through comprehensive training and awareness programs.

Compliance and Risk Management

• Lead and ensure compliance with all applicable financial industry laws, regulations, and supervisory requirements (including CSRC, Cybersecurity Law, Data Security Law, Personal Information Protection Law, GDPR, etc.).
• Oversee internal and external security audits and compliance reviews and ensure timely remediation of audit findings.
• Conduct regular information security risk assessments to identify threats and vulnerabilities affecting trading platforms, client data, and company assets, and drive the implementation of risk mitigation measures.

Technical Security and Defence

• Supervise the implementation and operation of security controls across network, system, application, and data layers—including but not limited to firewalls, IDS/IPS, SIEM, WAF, and endpoint protection.
• Ensure the confidentiality, integrity, and availability of the production trading environment.
• Manage security relationships with cloud service providers (such as Azure) and third-party partners, including security posture assessments.

Security Operations and Incident Response

• Lead the Security Operations Centre (SOC) team in monitoring, analyzing, and responding to security incidents.
• Develop and maintain a comprehensive incident response plan and organize regular simulation exercises.
• Serve as the overall incident commander during actual security events, ensuring effective containment, eradication, and recovery.
• Oversee the vulnerability management process, coordinating with technical teams on scanning, assessment, prioritization, and remediation.

Data Security and Privacy Protection

• Design and implement data classification and protection programs, including DLP, encryption, and access control policies.
• Ensure the full lifecycle protection of sensitive data such as client transaction data and personally identifiable information (PII).

Qualifications

Basic Requirements

• Bachelor's degree or above in Computer Science, Information Security, or a related field.
• Over 8 years of experience in information security, with at least 3 years in a managerial or equivalent role within the financial industry (especially securities, futures, or trading platforms).
• Holder of internationally recognized security certifications such as CISSP, CISM, or CISA.

Knowledge and Skills

• Financial Industry Compliance Expertise: Deep understanding of cybersecurity and IT governance requirements set by domestic and international financial regulators.
• Strong Technical Foundation: Proficient in network security architecture, operating system security (Linux/Windows), database security, and application security. Familiarity with trading system technology stacks is a strong plus.
• Hands-on Security Experience: Extensive experience in security incident investigation, incident response, and threat hunting; well-versed in common attack techniques and defense strategies.
• Leadership and Communication: Excellent leadership, communication, and coordination skills; capable of leading cross-functional collaboration with technology, business, risk, and compliance teams.
• Strategic Thinking: Ability to align business objectives with security goals and develop practical, effective security strategies.

We Offer

• Highly competitive compensation package and performance-based bonuses.
• The opportunity to play a key leadership role in shaping cybersecurity at the forefront of the fintech industry.
• A professional, open, and intellectually challenging work environment.
• Comprehensive benefits and a structured career development pathway.

工作類型: 全職

薪酬: 最多每月 $60,000.00

Work Location: 親身到場

Job Purpose

You will be responsible for carrying out information security functions and activities for the Technology function.

Responsibilities

• Protect the confidentiality, integrity and availability of all assets and systems through monitoring, detection, and analysis activities
• Review and assess information security requests to determine compliance with organizational policies and standards.
• Prepare and present cybersecurity-related reports, highlighting risks, incidents, and remediation efforts.
• Facilitate the annual recertification process for user access and security controls.
• Collaborate with IT teams to implement security measures, and remediate the audit findings
• Participate in and manage security-related projects to enhance overall security posture.
• Support Information security team to develop and implement security policies, procedures and guidelines
• Validate information security controls effectiveness and agreed deliverables to assure security standards/plans are achieved.
• Review the current IT Security solution and Security Policy to identify potential gaps within the organisation
• Undertake monitoring of security controls and policy adherence in line with Bupa policies based on ISO27001 and NIST Cybersecurity
• Monitor the security controls for security breaches and investigate violations
• Conduct risk and vulnerability assessment at the network, system and application level, and assess resulting impact on risk

Qualifications, Training and Experience

• Relevant Bachelor's/Master's degree holder from a recognized university
• 3-5 years of relevant work experience on managing security technologies
• Work experience in cloud security solution experience (Wiz preferred)
• Work experience in web proxy / SASE solutions (Palo Alto Prisma SASE preferred)
• Work experience cloud platforms (Azure, GCP preferred)
• Experience in managing security solutions, such as Wiz, Palo Alto Prisma, Zscaler, MS Defender, Imperva, Cloudfare
• Scripting skills, such as Terraforms, MS PowerShell, Python
• Good communication skills and the ability to collaborate well with across departments
• Able to demonstrate a positive, logical, and proactive approach while executing the assigned tasks
• Certification holder in information security (CISSP, CISA, etc.) will be an advantage.
• Ability to prioritize work and design schedules to meet the desired requirements

Bupa offers 5 days' work per week and comprehensive remuneration packages including base salary, study assistance plan, company pension plan, life and medical benefit, dental benefit, annual leave, examination leave, etc.

Bupa is an equal opportunity employer and welcomes applications from qualified candidates. Information provided will be treated in strict confidence and only be used for consideration of application with Bupa.

Personal data collected will be used for recruitment purposes only. Bupa will be in touch for any opportunities that matches your profile. All personal data of unsuccessful application will be destroyed 24 months from the date of receiving the application. Full version of Data Privacy Notice available upon request.

Develops and leads one or more of the following highly technical and specialized areas within information security: Security Engineering, Security Architecture, Forensics Analysis, Threat Analysis, Threat Hunting and Penetration Testing. Manages the development, deployment and execution of enterprise security controls and defenses. Monitors, analyzes and exploits system vulnerabilities to detect potential threats. Executes containment, mitigation and protection processes to safeguard against real time threats while maintaining critical documentation and evidence. Determines risk and exposure from security breaches and resolves incidents while providing guidance to business decision-makers.

• Tracks and supports the delivery of information security solutions. Manages the tactical activities of installing and configuring of security systems, software and applications. Coordinates responses to intrusions and provide remediation guidance and support.
• Coordinates resources on highly complex development projects including approval of design specifications and scope. Provides input to short-term security technology roadmaps regarding applicability of new technologies. Disseminates updates to InfoSec Architectural policies, standards and guidelines to team members.
• Reviews forensic investigations and analysis of reported cyber incidents to evaluate root cause vectors and necessary control measures needed to prevent future occurrence. Implements appropriate countermeasures to recover deleted, hidden or lost user data.
• Coordinates research and analysis of threat actor profiles and associated indicators to detect potential threats. Implements recommended actions and security tools to identify, monitor and mitigate attacks. Coordinates with external security organizations to exchange threat intelligence.
• Coordinates complex threat assessment to evaluate incident impact and risk exposure. Reviews cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies), and draws conclusions on possible implications or applicability. Guides the threat intelligence collection process to enhance analytical capabilities.
• Manages execution of penetration testing activities on core systems. Articulates the outcome of stimulated attacks and underlying security issues or system weaknesses. Recommends and institutes remediation techniques or improvements to protect and maintain security frameworks and controls.
• Supports the evaluation and selection of security applications and systems. Manages the implementation of access control defenses. Provides quality review on the evaluation and documentation of team procedures. Manages development, deployment and support activities for multiple critical security technologies to include problem resolution and management, application maintenance, project requests and system enhancements.
• Not an exhaustive list; other duties as assigned.

Minimum Qualifications

• Bachelor's Degree. Relevant Experience or Degree in: Information Security or Computer Science preferred. Other majors will be considered.
• Typically a minimum of 6 years experience.
• related professional experience and prefer a minimum of 1-2 years experience in a supervisory position.
• One or more of the following-CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, CGEIT, Certified Forensic Computer Examiner (CFCE), Certified Cyber Threat Analyst (CCTA), Certified Computer Examiner (CCE)

Preferred Qualifications

• Prior payment or technology industry experience is preferred.
• Master's Degree in a related field of study from an accredited university.