150 Security Governance jobs in Hong Kong

1 day ago Be among the first 25 applicants

Founded in 1956, Maxim’s Group is one of Asia’s leading food and beverage companies, operating Chinese, Western, Japanese and Southeast Asian restaurants, quick service outlets, bakery shops and cafes, and an institutional catering service. Maxim's Group also produces a range of festive products, including the award-winning Hong Kong MX Mooncakes, and is a licensee of Starbucks Coffee, Genki Sushi, IPPUDO, The Cheesecake Factory and Shake Shack in various territories. Altogether, the Group has over 40,000 employees and 2,000 outlets in Asia.

Proud of our heritage and humbled by our success, we are committed to a sustainable and innovative future. To learn more about Maxim’s, visit

Job Responsibilities:

• Conduct technical security assessments on IT and digital initiatives, with a focus on application security
• Identify and mitigate security vulnerabilities in applications, APIs, and software development processes
• Collaborate with development teams to integrate security practices into the Software Development Lifecycle (SDLC) and CI/CD pipelines
• Develop and enforce secure coding standards and guidelines for application development
• Assess and implement tools and technologies for application security testing (e.g., SAST, DAST, SCA)
• Provide awareness training on application security best practices
• Investigate and manage application-related cybersecurity incidents
• Stay updated on emerging application security threats and trends to proactively address risks
• Assist in defining technical solutions to protect company assets, with a focus on application security
• Regularly review internal policies and global standards (e.g., NIST, ISO 27001, PCI DSS) to ensure ongoing compliance
• Assist IT teams in internal and external audits, including pre-audit review, liaison with auditors and stakeholders, and post-audit follow-up
• Investigate and manage cyber security incidents

Job Requirements:

• Minimum 8 years or more of hands-on experience in application security, preferably in a sizable organization with a regional presence in AP (e.g., China, Southeast Asian Market)
• Strong practical experience in application security testing, vulnerability management, and secure coding practices
• Familiarity with application security tools (e.g., Burp Suite, Veracode, SonarQube, OWASP ZAP) and methodologies (e.g., OWASP Top 10)
• Knowledge of integrating security into DevOps practices (DevSecOps) and CI/CD pipelines
• Excellent communication and interpersonal skills to collaborate with development teams and stakeholders
• Proactive, problem-solving mindset with the ability to work under pressure
• Possession of relevant certifications (e.g., OSCP, CISSP, CEH, GWAPT, CSSLP) is a strong advantage

Interested parties please apply with full resume, state current and expected salaries by clicking "Apply Now".

All applications and data collected will be treated in strict confidence and used exclusively for recruitment purposes. Only short listed candidates will be invited for interview. The company will retain the applications for a maximum period of 24 months and may refer suitable candidates to other vacancies within the Group.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Management and Information Technology
• Industries Food and Beverage Services, Hospitality, and Retail

Referrals increase your chances of interviewing at Hong Kong Maxim's Group by 2x

Get notified about new Application Security Manager jobs in Kowloon, Hong Kong SAR .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

4 days ago Be among the first 25 applicants

We are seeking a diligent and proactive Information Security Officer to oversee and maintain the operational integrity, security, and compliance of our secured room facilities. This role is critical in supporting ongoing monitoring, access control, and administrative processes to ensure the highest standards of safety and regulatory compliance are met.

Your Role

• Conduct monthly inspection of access logs and CCTV reviews to ensure adherence to security protocols.
• Manage user access applications on a bi-weekly or ad hoc basis, in line with corporate access governance procedures.
• Complete and maintain a monthly secured room checklist, covering physical and operational controls.
• Perform monthly access inventory assessments, including user recertification activities. • Address administrative and technical issues such as network or hardware incidents on an ad hoc basis.
• Coordinate monitoring and inspection of the Foshan secured room (monthly and as needed).
• Perform daily monitoring of security guard performance and escalate concerns when appropriate.
• Assist in implementing security control enhancements such as mobile device management (MDM), two-factor authentication (2FA), and ID verification improvements

To Succeed in this Role

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
• Minimum of 3 years of experience in information security, risk management, or a related role.
• Knowledge of network security principles and incident response procedures.
• Excellent analytical skills with the ability to assess security risks and implement effective mitigation strategies.
• Strong problem-solving abilities to address technical and administrative issues as they arise.
• Effective verbal and written communication skills to convey security policies and procedures clearly to stakeholders.

• Seniority level Mid-Senior level

• Employment type Contract

• Job function Information Technology
• Industries Software Development, Information Services, and Technology, Information and Media

Referrals increase your chances of interviewing at PCCW by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Information Security Manager role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established organization within the financial services sector. With a large workforce and a solid market presence in Hong Kong, they are committed to maintaining high standards in technology and information security.

As a 'Manager, Information Security,' your main responsibilities will include:

• Overseeing the implementation and maintenance of the bank's information security systems.
• Conducting regular audits and risk assessments to ensure adherence to security protocols.
• Developing and implementing information security policies and procedures.
• Training and mentoring staff on information security best practices.
• Conducting cybersecurity assessments, including penetration testing and infrastructure/web application reviews.
• Managing and maintaining security systems such as firewalls, NAC, IPS, and SIEM.
• Leading and coordinating information security projects across departments.
• Managing incident responses and investigations into security breaches.
• Staying updated on the latest trends and developments in information security.
• Reporting on the status of information security to senior management.

A Successful 'Manager, Information Security' Should Have

• A degree in Computer Science, Information Security, or a related field.
• Proven experience in a managerial role within the field of information security.
• Familiarity with information security regulations and standards in the financial services industry.
• Exceptional leadership and communication skills.
• The ability to handle sensitive information with discretion and integrity.

• A competitive salary in the range of HKD 648,000 - HKD 792,000 per annum.
• Standard benefits package.
• The chance to work in a fast-paced, technology-driven environment within the financial services industry.
• Opportunities for career progression and professional development.
• A supportive and collaborative company culture.

We encourage all candidates who believe they can fulfill these responsibilities and possess the necessary qualifications and skills to apply. This is a fantastic opportunity to join a leading financial organization in Hong Kong and make a significant impact in the field of Information Security.

Contact: Alexis Wee

Quote job ref: JN-052025-6742617

• Mid-Senior level

• Full-time

• Information Technology and Engineering

• Financial Services, Accounting, and Banking

4 days ago Be among the first 25 applicants

We are seeking a diligent and proactive Information Security Officer to oversee and maintain the operational integrity, security, and compliance of our secured room facilities. This role is critical in supporting ongoing monitoring, access control, and administrative processes to ensure the highest standards of safety and regulatory compliance are met.

Your Role

• Conduct monthly inspection of access logs and CCTV reviews to ensure adherence to security protocols.
• Manage user access applications on a bi-weekly or ad hoc basis, in line with corporate access governance procedures.
• Complete and maintain a monthly secured room checklist, covering physical and operational controls.
• Perform monthly access inventory assessments, including user recertification activities. • Address administrative and technical issues such as network or hardware incidents on an ad hoc basis.
• Coordinate monitoring and inspection of the Foshan secured room (monthly and as needed).
• Perform daily monitoring of security guard performance and escalate concerns when appropriate.
• Assist in implementing security control enhancements such as mobile device management (MDM), two-factor authentication (2FA), and ID verification improvements

To Succeed in this Role

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
• Minimum of 3 years of experience in information security, risk management, or a related role.
• Knowledge of network security principles and incident response procedures.
• Excellent analytical skills with the ability to assess security risks and implement effective mitigation strategies.
• Strong problem-solving abilities to address technical and administrative issues as they arise.
• Effective verbal and written communication skills to convey security policies and procedures clearly to stakeholders.

• Seniority level Mid-Senior level

• Employment type Contract

• Job function Information Technology
• Industries Software Development, Information Services, and Technology, Information and Media

Referrals increase your chances of interviewing at PCCW by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Information Security Manager role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established organization within the financial services sector. With a large workforce and a solid market presence in Hong Kong, they are committed to maintaining high standards in technology and information security.

As a 'Manager, Information Security,' your main responsibilities will include:

• Overseeing the implementation and maintenance of the bank's information security systems.
• Conducting regular audits and risk assessments to ensure adherence to security protocols.
• Developing and implementing information security policies and procedures.
• Training and mentoring staff on information security best practices.
• Conducting cybersecurity assessments, including penetration testing and infrastructure/web application reviews.
• Managing and maintaining security systems such as firewalls, NAC, IPS, and SIEM.
• Leading and coordinating information security projects across departments.
• Managing incident responses and investigations into security breaches.
• Staying updated on the latest trends and developments in information security.
• Reporting on the status of information security to senior management.

A Successful 'Manager, Information Security' Should Have

• A degree in Computer Science, Information Security, or a related field.
• Proven experience in a managerial role within the field of information security.
• Familiarity with information security regulations and standards in the financial services industry.
• Exceptional leadership and communication skills.
• The ability to handle sensitive information with discretion and integrity.

• A competitive salary in the range of HKD 648,000 - HKD 792,000 per annum.
• Standard benefits package.
• The chance to work in a fast-paced, technology-driven environment within the financial services industry.
• Opportunities for career progression and professional development.
• A supportive and collaborative company culture.

We encourage all candidates who believe they can fulfill these responsibilities and possess the necessary qualifications and skills to apply. This is a fantastic opportunity to join a leading financial organization in Hong Kong and make a significant impact in the field of Information Security.

Contact: Alexis Wee

Quote job ref: JN-052025-6742617

• Mid-Senior level

• Full-time

• Information Technology and Engineering

• Financial Services, Accounting, and Banking

Join to apply for the Principal, Information Security role at AIA Hong Kong and Macau

Continue with Google Continue with Google

Join to apply for the Principal, Information Security role at AIA Hong Kong and Macau

Get AI-powered advice on this job and more exclusive features.

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.
To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.
If you believe in developing a better tomorrow, read on.
About The Role
This position plays a significant role in supporting management and Director of Information Security to promote and enhance the maturity of Information and cyber security of the organisation, as well as related business entities. This is to be done through a robust governance, Information security risk management and compliance programmes, coupled with well-planned communications and awareness-raising programmes tailored for different internal and external stakeholders. Therefore, while the individual taking up this role may not need to be an Information Security expert, he or she must be a quick learner who can grasp a wide range of IT/cyber security topics. The individual must also be a great communicator who can convey messages in English and Chinese involving highly technical IT/cyber risk concepts to all levels of staff (for instance, for awareness-raising campaigns) and to strategic stakeholders (such as regulators, auditors and corporate clients) in an efficient and professional manner.
(Daily operation) Regulatory and Information Security Compliance

• Develop and manage the Information security governance framework & risk portfolio, which follows the AIA’s security standards and guidelines.
• Be the subject matter expert to provide advice on regulatory requirements related to information security.
  

• Lead and coordinate internal efforts to support compliance assessment against regulatory requirements and IT audits conducted by internal/external auditors;
• Coordinate inputs and craft accurate and appropriate responses to enquiries coming from regulators and auditors;
  

• Organise regular and frequent activities and develop localised materials to raise the awareness of staff at all levels on various cybersecurity controls and practices, and other topical issues of Information Security.
• Maintain and curate the internal Information Hub for education and sharing.
  

• Lead ad-hoc cross-functional teams on special projects or strategic initiatives relating to Information Security
• Communicate with group offices, business partners, corporate clients, IT vendors and external parties, as and when needed
  

• Degree holder in Computer Science, Information Systems, Business, Finance, Risk Management, or a related discipline.
• Minimum of 10 years of relevant and solid experience in Information Security risk management and control, gained from international financial institutions, professional firms or financial regulators.
• Holder of relevant IT audit professional qualification and/or IT security certificates preferred (such as CISA, CISM, CISSP etc.).
• Solid experience in handling cybersecurity assessments and IT audit-related assignments and familiar with relevant control requirements from different regulatory bodies such as Hong Kong Insurance Authority, Mandatory Provident Fund Schemes Authority, Macau AMCM etc.
• Excellent communication (written and oral) skills, and demonstratable experience as a highly effective facilitator of cross functional teams.
• Excellent leadership and management skills and proven ability to build, manage and foster a team-oriented environment.
• Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative to work creatively and analytically when solving problems.
• You are required to obtain the relevant licence(s) if your job involves regulated activities.
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Insurance

Referrals increase your chances of interviewing at AIA Hong Kong and Macau by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

Eastern District, Hong Kong SAR 1 hour ago

Shenzhen, Guangdong, China CN¥45,000 - CN¥5,000 2 years ago

Shenzhen, Guangdong, China CN 5,000 - CN 0,000 1 year ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Manager/Associate Director, Cyber Security (Strategy, Governance & Risk), Technology Consulting role at KPMG China

1 year ago Be among the first 25 applicants

Join to apply for the Manager/Associate Director, Cyber Security (Strategy, Governance & Risk), Technology Consulting role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.

Service Line Overview

At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.

KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.

Our wide range of projects includes Cyber Strategy, Cyber Digital Transformation, Governance & Risk, as well as a growing presence in Attack & Penetration Tester or Ethical Hacker. We are keen to speaking with cyber security specialists with various expertise and experiences to join our growth story.

We are now seeking Manager / Associate Director candidates for Cyber Security Team.

Key Responsibilities

• Lead cyber security engagements including security strategy, policy and architecture, information privacy and governance, certification and compliance, business and technology resilience and security testing.
• Communicate technical issues in business terms with senior management and deliver value using a pragmatic approach to the technical components of information security.
• Lead Cybersecurity Maturity Assessments and Cybersecurity Control Gap Remediation (covering the design and implementation of controls to address the people, process and technology risks) projects.
• Assess the IT security architecture across application, database, operating system, hardware platforms (including web and mobile) and network infrastructure -for vulnerabilities to cyber-attack
• Lead Cybersecurity Maturity Assessments by assessing cyber risk factors across 6 functional domains - Leadership & Governance, Human Factors, Information Risk Management, Business Continuity, Technology & Operations, Legal & Compliance
• Design and implement processes for Identity & Access Controls, Cyber Incident Management, Intrusion Detection, Threat Intelligence, Cyber Data Analytics, Security Monitoring, etc.
• Identify and communicate engagement findings to senior management and client personnel
• Provide strategic advice to our clients
• Take the lead role in continuously enhancing the existing cyber assessment methodologies.
• Drive marketing and training materials to help develop staff awareness within the company and communicate KPMG’s capabilities to clients
• Build and maintain relationships with existing and prospective clients, and develop / improve your network of business contacts
• Lead with scoping prospective engagements and developing proposals
• Take an active role in KPMG’s global community of security professionals, assist with research into vulnerabilities and develop our ability to perform security engagements
• Work with multi-level of our clients from C-level executives, senior and management staff to on-the-ground professionals
  
  
  

• Bachelor’s degree or above in cybersecurity, technology, engineering, or business studies with information systems major/minor from an accredited college / university along with deep interest in technology risk, security and IT governance will be considered
• 5+ years' experience, ideally within a professional services environment or internal consultancy function delivering cyber security related projects
• Experience in financial services is preferred
• Professional qualification holder will be preferrable (e.g. OSCP, CISSP, CRISC, CISA, CISM, PMP or other relevant qualifications)
• Prior consulting experience in information security preferred, ideally within a professional services environment or internal consultancy function delivering cyber security related services
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
• Has strong knowledge on the below skillsets are preferrable
• Interpersonal skills with a demonstrated ability to gain the confidence and respect of senior level executives
• Client services orientation and accustomed to taking an active role in executing client engagements
• Analytical skills and the ability to develop thought leadership publications
• Knowledge of enterprise technologies, especially networking principles and internet-based technologies, with self-motivated learning ability
• Knowledge of internet application security, including common internet application vulnerabilities and network architecture to support internet applications
• Knowledge base in operations, enterprise networking, operating systems and database security evaluation and architecture
• Knowledge of IT security vendor products
• Candidate with less experience will be considered as Manager
• Additional Qualifications for Associate Director
• A minimum of eight years of relevant experience
• Demonstrated ability to build market presence, identify business opportunities, lead project engagements, attract new business, and build lasting professional relationships with senior client executives
  
  
  

• Well-structured career development and learning path, 1-to-1 coaching by our partners
• Access to various learning resources
• Wide exposure to working with leading financial institutions and multi-national corporations
• Continuous sponsorship and support on professional certificate development
• Work in a passionate team with blended technology risk and cybersecurity talents
  
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

Shenzhen, Guangdong, China CN¥20,000.00-CN¥30,000.00 2 years ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Manager/Associate Director, Cyber Security (Strategy, Governance & Risk), Technology Consulting role at KPMG China

1 year ago Be among the first 25 applicants

Join to apply for the Manager/Associate Director, Cyber Security (Strategy, Governance & Risk), Technology Consulting role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.
Service Line Overview
At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.
KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.
Our wide range of projects includes Cyber Strategy, Cyber Digital Transformation, Governance & Risk, as well as a growing presence in Attack & Penetration Tester or Ethical Hacker. We are keen to speaking with cyber security specialists with various expertise and experiences to join our growth story.
We are now seeking Manager / Associate Director candidates for Cyber Security Team.
Key Responsibilities

• Lead cyber security engagements including security strategy, policy and architecture, information privacy and governance, certification and compliance, business and technology resilience and security testing.
• Communicate technical issues in business terms with senior management and deliver value using a pragmatic approach to the technical components of information security.
• Lead Cybersecurity Maturity Assessments and Cybersecurity Control Gap Remediation (covering the design and implementation of controls to address the people, process and technology risks) projects.
• Assess the IT security architecture across application, database, operating system, hardware platforms (including web and mobile) and network infrastructure -for vulnerabilities to cyber-attack
• Lead Cybersecurity Maturity Assessments by assessing cyber risk factors across 6 functional domains - Leadership & Governance, Human Factors, Information Risk Management, Business Continuity, Technology & Operations, Legal & Compliance
• Design and implement processes for Identity & Access Controls, Cyber Incident Management, Intrusion Detection, Threat Intelligence, Cyber Data Analytics, Security Monitoring, etc.
• Identify and communicate engagement findings to senior management and client personnel
• Provide strategic advice to our clients
• Take the lead role in continuously enhancing the existing cyber assessment methodologies.
• Drive marketing and training materials to help develop staff awareness within the company and communicate KPMG’s capabilities to clients
• Build and maintain relationships with existing and prospective clients, and develop / improve your network of business contacts
• Lead with scoping prospective engagements and developing proposals
• Take an active role in KPMG’s global community of security professionals, assist with research into vulnerabilities and develop our ability to perform security engagements
• Work with multi-level of our clients from C-level executives, senior and management staff to on-the-ground professionals
  

• Bachelor’s degree or above in cybersecurity, technology, engineering, or business studies with information systems major/minor from an accredited college / university along with deep interest in technology risk, security and IT governance will be considered
• 5+ years' experience, ideally within a professional services environment or internal consultancy function delivering cyber security related projects
• Experience in financial services is preferred
• Professional qualification holder will be preferrable (e.g. OSCP, CISSP, CRISC, CISA, CISM, PMP or other relevant qualifications)
• Prior consulting experience in information security preferred, ideally within a professional services environment or internal consultancy function delivering cyber security related services
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
• Has strong knowledge on the below skillsets are preferrable
• Interpersonal skills with a demonstrated ability to gain the confidence and respect of senior level executives
• Client services orientation and accustomed to taking an active role in executing client engagements
• Analytical skills and the ability to develop thought leadership publications
• Knowledge of enterprise technologies, especially networking principles and internet-based technologies, with self-motivated learning ability
• Knowledge of internet application security, including common internet application vulnerabilities and network architecture to support internet applications
• Knowledge base in operations, enterprise networking, operating systems and database security evaluation and architecture
• Knowledge of IT security vendor products
• Candidate with less experience will be considered as Manager
• Additional Qualifications for Associate Director
• A minimum of eight years of relevant experience
• Demonstrated ability to build market presence, identify business opportunities, lead project engagements, attract new business, and build lasting professional relationships with senior client executives
  

• Well-structured career development and learning path, 1-to-1 coaching by our partners
• Access to various learning resources
• Wide exposure to working with leading financial institutions and multi-national corporations
• Continuous sponsorship and support on professional certificate development
• Work in a passionate team with blended technology risk and cybersecurity talents
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

Shenzhen, Guangdong, China CN¥20,000.00-CN¥30,000.00 2 years ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

2 days ago Be among the first 25 applicants

We are seeking a highly capable and experienced professional with approximately 10 years of experience in cybersecurity governance, and IT audit and security assessment support. This role focuses on leading security assessments in collaboration with technical teams, reviewing and translating technical findings into clear and impactful reports for clients, regulators, and senior management. The ideal candidate will possess strong analytical skills, excellent communication abilities, and a solid understanding of security controls across various technology domains.

Your Role

• Lead and coordinate security assessments across infrastructure, applications, and cloud environments, working closely with technical SMEs.
• Interface with technical teams to understand control implementation and translate findings into governance insights.
• Prepare high-quality security reports and presentations tailored for client and senior stakeholders.
• Support responses to client and regulatory security inquiries, ensuring accuracy, clarity, and timely delivery.
• Support the development of security reporting and risk metrics
• Contribute to the development and refinement of security policies, standards, and procedures.
• Support audit and assessment activities, including evidence collection and coordination with internal teams.
• Promote security awareness and contribute to training initiatives across the organization.

To Succeed in this Role

• Minimum 10 years of experience in cybersecurity governance, technology risk, or audit-related roles.
• Strong understanding of security controls across infrastructure, application, and cloud domains.
• Proven ability to work with technical teams and translate technical content into business-friendly reporting.
• Experience in preparing client-facing documentation and presentations.
• Excellent written and verbal communication skills in English.
• Familiarity with regulatory frameworks and standards (e.g., ISO 27001, NIST, CIS).
• Relevant certifications such as CISM, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred.

Preferred Attributes

• Experience in regulated industries such as finance, healthcare, or insurance.
• Strong stakeholder engagement and coordination skills.
• Detail-oriented with a proactive and structured approach to governance.
• Familiarity with GRC

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development, Information Services, and Technology, Information and Media

Referrals increase your chances of interviewing at PCCW by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.