What Jobs are available for Security Executive in Hong Kong?

Company description:

The Hong Kong Jockey Club

Job description:

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do?

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.

The Department

The Cyber Security Department is essential to the Club's ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.

As the first line of defense, the department plays a key role in maintaining the Club's reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.

The Job

You will:

1 Cyber Risk Management

• Identify, assess and communicate the cyber risks to the business and/or critical supporting functions, adhering to the Club's cyber risk management framework
• Establish and manage the cyber risk profile for the business and/or critical supporting functions, and ensure treatment plans are defined, funded and tracked
• Represent the Cyber Security Department at the non-financial risk committees chaired by the business and/or critical support functions, providing cyber advisory and presenting the cyber risk profile, highlighting material risks and other related updates
• Advise the business and/or critical supporting functions of the updates to the Club's cyber security policies and standards, and ensure a plan and funding are in place to adopt them

2 Business-Cyber Security Alignment

• Embed cyber security into the business's and/or critical supporting functions' strategy and objectives, and throughout their projects and day-to-day operations
• Ensure the Club's cyber security strategy, policies, standards and solutions are relevant to the goals and challenges of the business and critical supporting functions, and the applicable regulatory requirements
• Ensure the Club's policies and standards are fully complied with across its processes and systems
• Raising the cyber risk awareness and culture within the business and/or critical supporting functions, leveraging the Club's cyber awareness and training programs
• Convey the needs from respective business units for the creation of the Cyber Security programme awareness and promotion of the cyber security control adoption across the business and/or critical supporting functions
• Advocate for modern Agile InfoSec practices, balancing security and business agility through a pragmatic risk-based approach
• Liaise between Cyber Security and Business stakeholders to ensure seamless integration of Cyber Security controls

3 Stakeholder Collaboration and Communication

• Act as a trusted cyber advisor, fostering partnerships between Cyber Security and Business & IT teams
• Translate complex security concepts and requirements into actionable and business-friendly guidance
• During cyber security incidents, provide periodic sitrep to the business and/or critical supporting functions, and continuously assess the business impact of it
• Develop clear and concise updates on the cyber risk profiles, strategy, policies and standards, ensuring they are tailored for the non-financial risk committee members

About You

You should have:

• Bachelor's degree holder, e.g., Computer Science, IT, or other disciplines; a Master's degree is preferred
• 10+ years of experience in cyber risk management, cyber risk governance, or related fields
• Exceptional communication skills, with the ability to translate technical concepts for diverse audiences
• Expertise in stakeholder engagement, including senior executives and board members
• Demonstrated ability to foster business partnerships and to cultivate a strong risk culture
• Exceptional English writing and verbal communication skills, with the ability to present complex concepts to non-technical audiences
• Proficiency in the key cyber control domains, cyber risk management, governance frameworks and GRC tools
• Strong organisational and multitasking abilities with meticulous attention to detail
• Excellent stakeholder management and relationship-building skills

Terms of Employment

The level of appointment will be commensurate with qualifications and experience.

How to Apply

Please submit your resume with expected salary by clicking the Apply Now button.

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.

About Us
We're the world's leading provider of secure financial messaging services, headquartered in Belgium. We are the way the world moves value – across borders, through cities and overseas. No other organisation can address the scale, precision, pace and trust that this demands, and we're proud to support the global economy.

We're unique too. We were established to find a better way for the global financial community to move value – a reliable, safe and secure approach that the community can trust, completely. We're always striving to be better and are constantly evolving in an ever-changing landscape, without undermining that trust. Five decades on, our vibrant community reflects the complexity and diversity of the financial ecosystem. We innovate diligently, test exhaustively, then implement fast. In a connected and exciting era, our mission has never been more relevant. Swift now has a presence in 200+ countries and legal territories to serve a community of more than 12,000 banks and financial institutions.

Are you an experienced cyber security professional ready to dive deeper into the realm of Incident Response? Do challenging and complex investigations spanning thousands of systems sound exciting?

Then you have found the right position You will be working with a group of talented cyber security specialists, supporting the world's leading provider of secure financial messaging services. In this position your effort and expertise are highly valued and critical to the global financial market. By joining the APAC team and you will also have the opportunity to contribute to cutting-edge security initiatives at the very forefront of technology.

What To Expect

• Conduct Daily Operational Security Monitoring
• Lead complex depth Security Investigations
• Contribute to industry-leading security initiatives
• Perform Threat Hunting and Threat Intelligence activities
• Create, Update and Maintain security process documentation
• Collaborate with security teams to improve Swift's security posture

What Will Make You Successful

• Bachelor's degree in Computer Science, Engineering or other related field
• 5+ years of experience in a Cyber Security domain, preferably Incident Response
• In-depth understanding of Computer Networks, Windows and Linux OS
• Fluency in English – written and oral
• Willingness to work weekend shifts
• Professional Certifications such as GCIH, GCFA, CISSP, OSCP or others

Swift for you

• Provide extensive training opportunities such as SANS and soft-skill trainings
• Competitive package and excellent work-life balance
• We put you in control of your career
• We give you a competitive package
• We help you perform at your best
• We help you make a difference
• We give you the freedom to be yourself

We give you the freedom to be yourself. We are creating an environment of unique individuals—like you—with different perspectives on the financial industry and the world. A diverse and inclusive environment in which everyone's voice counts and where you can reach your full potential.

If you believe you require a reasonable accommodation to participate in the job application or interview process, please contact us to request accommodation.

Don't meet every single requirement? At Swift, we are dedicated to building a workplace where people can bring their full selves and ideas to the team, so if you are excited about this role, we encourage you to apply even if you do not meet every single qualification.

What We Offer
We put you in control of career

We give you a competitive package

We help you perform at your best

We help you make a difference

We give you the freedom to be yourself

We give you the freedom to be yourself. We are creating an environment of unique individuals – like you – with different perspectives on the financial industry and the world. A diverse and inclusive environment in which everyone's voice counts and where you can reach your full potential.
If you believe you require a reasonable accommodation to participate in the job application or interview process, please contact us to request accommodation.
Don't meet every single requirement? At Swift, we are dedicated to building a workplace where people can bring their full selves and ideas to the team, so if you are excited about this role, we encourage you to apply even if you do not meet every single qualification.

Cyber Security and IT Governance Cluster is the first line of defense Control Function to ensure that effective cybersecurity controls are in place in addressing the emerging cyber threats. The Cluster consists of Cyber Security Management (CSM), IT Policy and Compliance (ITPC) and Parameter and User Access Management (PUAM). Its function includes but not limited to the establishment and management of the cybersecurity organization, policies framework development, controls architecture, cybersecurity incident management, cybersecurity awareness, third party security, collaboration with external interested parties, cyber threats intelligence, cybersecurity and IT compliance monitoring, audit and compliance assessment coordination, issues remediation management, and parameter and user access management.

The role of the Head of Cyber Security Management holds the management responsibilities to the Cyber Security Management (CSM) and Parameter and User Access Management (PUAM) functions, with the following responsibilities:

• Formulate the overall strategies and goals of Cyber Security Management, establish annual and long-term cybersecurity strategies, programme.
• Develop and manage a framework for evaluating the maturity of the cybersecurity programme and a roadmap for continual improvement.
• Responsible for formulating cybersecurity control requirements, including policies, procedures and standards.
• Develop and adopt a management system to manage cybersecurity holistically and systemically in addressing the stakeholder security governance requirements and the strategic objectives, and to have appropriate management processes and systems in place that to confirm the requirements of the interested parties, such as Regulators, Head Office and Senior Management etc.
• Provide cybersecurity advice and guidance to the Control Owner on the effective design of its control measures.
• Monitor and evaluate the design and effectiveness of relevant control measures, including organizing the formulation of control effectiveness indicators and conducting regular evaluation and inspections.
• Stay abreast of emerging cybersecurity threats, trends and technologies, continuously enhancing the Bank's security postures.
• Manage team performance and support career guidance of a high performing teams the support cybersecurity management, parameter and user access management.
• Adopting management and security governance model to define and allocate roles and responsibilities for the protection of individual assets and for carrying out specific security processes.

• Define the management requirements, scope, roles and responsibilities, management processes and its interfaces for the following control domains under the Cyber Security Management, and Parameter and User Access Management, oversee the delivery of the corresponding services:

• Data Security Technical Control Management,

• Organization of Cyber Security (Including organizational structure, roles and responsibilities),
• Human Awareness Security,
• Policies Framework Management,
• Control Architecture Management,
• Cyber Security Incident Management,
• Threat Intelligence Management,
• Third Party Security Management,
• Secure System Development Management,
• Parameter and User Access Management.
• Provide directions, guidance and oversights to the IT Operations Center and IT Development Center on embedding cybersecurity requirements into its areas of responsibilities and functions; (i.e. Security Operations, including endpoints, network, infrastructure, operations security and Secure Development).
• Develop, manage and analyze the key monitoring indicators (e.g. KCI) to monitor and report the effectiveness of the cyber security controls.
• Present and report cybersecurity postures regularly to senior management and various levels of organization committees.
• Identify and resolve management issues, optimize management processes and operational workflows, to optimize the resources utilization and achieve operational efficiency.
• Responsible for any other responsibilities as directed by the Head of Cyber Security and IT Governance.

REQUIREMENT:

• Degree holder in Cyber Security / Computer Science / Information Technology or related discipline;
• Minimum 10 years or above of relevant experience in Cyber Security Management / Cyber Security Operations / Technology Risk Management or IT Audit, preferably with experience gained from consultancy / banking / finance industry;
• Experience in consultancy preferably Big 4 or IT Auditing is an advantage
• Holder of HKMA ECF-C recognized certifications at professional level is required;
• Customer-oriented, good communication and interpersonal skills;
• Able to work independently and under pressure with tight deadline;
• Strong problem-solving, analytical skills and presentation skills;
• Good command of written and spoken English and Mandarin;
• Possess proven managerial experience is a must;
• Possess forward planning, strategic thinking, problem solving and decision-making skills;
• Strong understanding and application of the best practices of cybersecurity management system methodology;
• Proficiency in preparing management dashboard / reporting deck and reports in Chinese is definitely an advantage

Applicants who are not contacted within 8 weeks may consider their applications unsuccessful and their personal data will be retained by the bank for a period up to two years.

All information provided by applicants will be used for recruitment purposes only and will be used strictly in accordance with the bank's personal data policies, a copy of which will be provided upon request.

• To monitor and maintain physical security and fire system operated in the Banks' premises. Including branches, offsite ATMs and offices
• Assist to manage daily operations of Access Control System, including but not limited access card issue and access report preparation
• Assist to prepare payment application and manage the billing cycle
• To maintain register on security and fire safety system
• To prepare management reports and perform data analysis
• To handle any ad-hoc task assigned by management
• To support the team for operations actvities e.g. Training, safty inspections

• Bachelor Degree
• Sound knowledge on physical security, security system and access control system
• Ability to work independently with strong communication and interpersonal skills
• Ability to provide precise report to Management
• At least 3 years of security operation experience in sizable organization
• Good command of spoken and written English and Chinese, especially in Mandarin

Job Description:

• Minimum of 4 years of experience in information security or a similar role.
• Strong understanding of information security principles, standards, and best practices.
• General knowledge in industry regulations and framework such as NIST Cybersecurity Framework, ISO27001 or PCI DSS.
• Experience with security assessment tools and techniques.
• Knowledge in network and system security, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Relevant certifications such as CISSP, CISM, or CEH are desirable.

About Pure Software:

PureSoftware, a wholly owned subsidiary of Happiest Minds Technologies, is a global software products and digital services company. PureSoftware has been driving transformation for the world's top organizations across various industry verticals, including banking, financial services, and insurance, life sciences and healthcare, high tech and communications, retail and logistics, and gaming and entertainment. Arttha, from PureSoftware, is a globally trusted financial technology platform.

PureSoftware is Great Place to Work Certified in India for the third consecutive year

Job Purpose:

Assist Head of Information Security to ensure adequate and effective controls are in place.

Main Responsibilities:

• Support security tools including network firewall, DLP, SIEM, vulnerability scanning,
• micro-segmentation
• Review the firewall rule change requests; conduct the modification or reject if the request
• may expose the Group to unacceptable risk
• Act as project manager role on information security projects
• Provide technical guidance to systems and network team regarding security configurations
• Analyse cybersecurity incidents and make recommendations on remedial actions.
• Define and design adequate security controls to maintain secure control environment.
• Conduct regular security assessment on systems, network and IT infrastructure
• Provide security advisory service to stakeholders on new initiatives and development
• projects.
• Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill
• in regular basis.
• Monitor and govern external service providers, including both outsourcing service
• providers and connected third parties, to deliver the services as per the Group's security
• requirements.

Incumbent Requirements:

• Minimum 6 years of relevant work experience in technology risk, information security
• and cybersecurity
• University graduate in Computer Science / Information Technology or equivalent.

• One or more certificates listed below:

• ISC2 Certified Information Security Professional (CISSP)

• ISACA Certified Information System Auditor (CISA)
• ISACA Certified Information Security Manager (CISM)
• ISC2 Certified Cloud Security Professional (CCSP)
• Good knowledge in cybersecurity, Intrusion Detection/Prevention System and
• application security of finance/banking systems, in particular hands on experience in
• firewall management
• Experience in regulators' requirement on technology risk management including the
• Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls
• Framework of SWIFT
• Strong information security sense in relation to business requirements
• Mature, independent and able to deliver quality results under tight schedule

Please note that only shortlisted candidates will be notified.

Job Purpose:

Assist Head of Information Security to ensure adequate and effective controls are in place.

Main Responsibilities:

• Support security tools including network firewall, DLP, SIEM, vulnerability scanning, micro-segmentation;
• Review the firewall rule change requests; conduct the modification or reject if the request may expose the Group to unacceptable risk;
• Act as project manager role on information security projects;
• Provide technical guidance to systems and network team regarding security configurations;
• Analyse cybersecurity incidents and make recommendations on remedial actions;
• Define and design adequate security controls to maintain secure control environment;
• Conduct regular security assessment on systems, network and IT infrastructure;
• Provide security advisory service to stakeholders on new initiatives and development projects;
• Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill in regular basis;
• Monitor and govern external service providers, including both outsourcing service providers and connected third parties, to deliver the services as per the Group's security requirements.

Incumbent Requirements:

• Minimum 6 years of relevant work experience in technology risk, information security and cybersecurity;
• University graduate in Computer Science / Information Technology or equivalent;

• One or more certificates listed below:

• ISC2 Certified Information Security Professional (CISSP)

• ISACA Certified Information System Auditor (CISA)

• ISACA Certified Information Security Manager (CISM)

• ISC2 Certified Cloud Security Professional (CCSP)

• Good knowledge in cybersecurity, Intrusion Detection/Prevention System and application security of finance/banking systems, in particular hands on experience in firewall management;

• Experience in regulators' requirement on technology risk management including the Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls Framework of SWIFT;
• Strong information security sense in relation to business requirements;
• Mature, independent and able to deliver quality results under tight schedule.

Please note that only shortlisted candidates will be notified.

Position Overview

We are seeking an experienced and strategically minded Information Security Officer to join our organization. In this role, you will be the key architect and executor of the company's information security strategy, responsible for building, maintaining, and continuously optimizing our information security framework.

Your work will play a critical role in protecting our core trading systems, sensitive client data, and essential business infrastructure—ensuring that our operations remain secure, stable, and compliant with global financial regulatory standards.

Key Responsibilities

Strategy and Governance

• Develop, implement, and continuously refine the company's overall information security strategy, roadmap, and policy framework.
• Report the organization's security posture, major risks, and governance updates to senior management and the board of directors.
• Establish and promote a strong information security culture across the organization through comprehensive training and awareness programs.

Compliance and Risk Management

• Lead and ensure compliance with all applicable financial industry laws, regulations, and supervisory requirements (including CSRC, Cybersecurity Law, Data Security Law, Personal Information Protection Law, GDPR, etc.).
• Oversee internal and external security audits and compliance reviews and ensure timely remediation of audit findings.
• Conduct regular information security risk assessments to identify threats and vulnerabilities affecting trading platforms, client data, and company assets, and drive the implementation of risk mitigation measures.

Technical Security and Defence

• Supervise the implementation and operation of security controls across network, system, application, and data layers—including but not limited to firewalls, IDS/IPS, SIEM, WAF, and endpoint protection.
• Ensure the confidentiality, integrity, and availability of the production trading environment.
• Manage security relationships with cloud service providers (such as Azure) and third-party partners, including security posture assessments.

Security Operations and Incident Response

• Lead the Security Operations Centre (SOC) team in monitoring, analyzing, and responding to security incidents.
• Develop and maintain a comprehensive incident response plan and organize regular simulation exercises.
• Serve as the overall incident commander during actual security events, ensuring effective containment, eradication, and recovery.
• Oversee the vulnerability management process, coordinating with technical teams on scanning, assessment, prioritization, and remediation.

Data Security and Privacy Protection

• Design and implement data classification and protection programs, including DLP, encryption, and access control policies.
• Ensure the full lifecycle protection of sensitive data such as client transaction data and personally identifiable information (PII).

Qualifications

Basic Requirements

• Bachelor's degree or above in Computer Science, Information Security, or a related field.
• Over 8 years of experience in information security, with at least 3 years in a managerial or equivalent role within the financial industry (especially securities, futures, or trading platforms).
• Holder of internationally recognized security certifications such as CISSP, CISM, or CISA.

Knowledge and Skills

• Financial Industry Compliance Expertise: Deep understanding of cybersecurity and IT governance requirements set by domestic and international financial regulators.
• Strong Technical Foundation: Proficient in network security architecture, operating system security (Linux/Windows), database security, and application security. Familiarity with trading system technology stacks is a strong plus.
• Hands-on Security Experience: Extensive experience in security incident investigation, incident response, and threat hunting; well-versed in common attack techniques and defense strategies.
• Leadership and Communication: Excellent leadership, communication, and coordination skills; capable of leading cross-functional collaboration with technology, business, risk, and compliance teams.
• Strategic Thinking: Ability to align business objectives with security goals and develop practical, effective security strategies.

We Offer

• Highly competitive compensation package and performance-based bonuses.
• The opportunity to play a key leadership role in shaping cybersecurity at the forefront of the fintech industry.
• A professional, open, and intellectually challenging work environment.
• Comprehensive benefits and a structured career development pathway.

工作類型: 全職

薪酬: 最多每月 $60,000.00

Work Location: 親身到場

Job Purpose

You will be responsible for carrying out information security functions and activities for the Technology function.

Responsibilities

• Protect the confidentiality, integrity and availability of all assets and systems through monitoring, detection, and analysis activities
• Review and assess information security requests to determine compliance with organizational policies and standards.
• Prepare and present cybersecurity-related reports, highlighting risks, incidents, and remediation efforts.
• Facilitate the annual recertification process for user access and security controls.
• Collaborate with IT teams to implement security measures, and remediate the audit findings
• Participate in and manage security-related projects to enhance overall security posture.
• Support Information security team to develop and implement security policies, procedures and guidelines
• Validate information security controls effectiveness and agreed deliverables to assure security standards/plans are achieved.
• Review the current IT Security solution and Security Policy to identify potential gaps within the organisation
• Undertake monitoring of security controls and policy adherence in line with Bupa policies based on ISO27001 and NIST Cybersecurity
• Monitor the security controls for security breaches and investigate violations
• Conduct risk and vulnerability assessment at the network, system and application level, and assess resulting impact on risk

Qualifications, Training and Experience

• Relevant Bachelor's/Master's degree holder from a recognized university
• 3-5 years of relevant work experience on managing security technologies
• Work experience in cloud security solution experience (Wiz preferred)
• Work experience in web proxy / SASE solutions (Palo Alto Prisma SASE preferred)
• Work experience cloud platforms (Azure, GCP preferred)
• Experience in managing security solutions, such as Wiz, Palo Alto Prisma, Zscaler, MS Defender, Imperva, Cloudfare
• Scripting skills, such as Terraforms, MS PowerShell, Python
• Good communication skills and the ability to collaborate well with across departments
• Able to demonstrate a positive, logical, and proactive approach while executing the assigned tasks
• Certification holder in information security (CISSP, CISA, etc.) will be an advantage.
• Ability to prioritize work and design schedules to meet the desired requirements

Bupa offers 5 days' work per week and comprehensive remuneration packages including base salary, study assistance plan, company pension plan, life and medical benefit, dental benefit, annual leave, examination leave, etc.

Bupa is an equal opportunity employer and welcomes applications from qualified candidates. Information provided will be treated in strict confidence and only be used for consideration of application with Bupa.

Personal data collected will be used for recruitment purposes only. Bupa will be in touch for any opportunities that matches your profile. All personal data of unsuccessful application will be destroyed 24 months from the date of receiving the application. Full version of Data Privacy Notice available upon request.