What Jobs are available for Security Governance in Hong Kong?

General Job Scope:

Strengthening Identity and Access Management (IAM) governance, overseeing vulnerability management practices, and supporting the implementation of security controls to protect critical assets and data.

• Lead the execution of information security projects, including IAM enhancements and vulnerability remediation initiatives.
• Improve the awareness of the senior management, business users and IT professional on the technology threat the company is facing and more sensitive on protecting customers' interest and privacy.
• Maintain up-to-date knowledge of information security policies, standards, and guidelines, and ensure their effective implementation in local applications to safeguard the integrity, confidentiality, and availability of IT systems and data across the organization.
• Maintain effective communication and influential partnership with strategic key stakeholders.
• Upgrade information security level with the alignment to company standards and guidelines and develop technology governance programmes to uplift company's technology resilience level.
• Address business disruption or service outage proactively and prevent from re-occurrence.
• Establish and maintain processes to identify technology risks and potential breaches, ensuring continuous protection of assets and information.
• Conduct IAM operations and reviews to ensure proper access provisioning, role-based access control, and periodic access certifications in alignment with compliance and audit requirements.
• Oversee vulnerability management activities, including regular scanning, risk assessment, prioritization, and coordination of remediation efforts with relevant teams.
• Drive improvements in security assessment practices, including application and infrastructure reviews, and recommend actionable enhancements.
• Consolidate and track remediation progress for audit findings, with a focus on IAM and vulnerability-related issues, ensuring timely closure and compliance.
• Govern regular assessments of applications and systems, and provide recommendations to strengthen security posture and reduce risk exposure.
• Require to obtain relevant licence(s) if the job involves regulated activities.

Requirements

• Bachelor's degree in Computer Science, Information Systems, or related disciplines preferred.
• 7-10 years of experience in information security governance or related control functions within the financial sector.
• An influencer and facilitator; able to build strong interpersonal relationships, and inform, guide and motivate stakeholders and technology experts at different levels to address risks with due care and attention to detail.
• Strong communication skills; able to explain risks that are often complex and obscure to non-specialists; a good listener who can understand stakeholders' concerns;Hands-on experience in developing scripts or tools using Python to support security automation, data analysis, or process improvement.
• Strong understanding of IAM principles and vulnerability management practices.
• Prior experience in IT risk control, audit, or project management is an advantage.
• Ability to work independently and manage tasks under tight deadlines.

General Job Scope:

Strengthening Identity and Access Management (IAM) governance, overseeing vulnerability management practices, and supporting the implementation of security controls to protect critical assets and data.

• Lead the execution of information security projects, including IAM enhancements and vulnerability remediation initiatives.
• Improve the awareness of the senior management, business users and IT professional on the technology threat the company is facing and more sensitive on protecting customers' interest and privacy.
• Maintain up-to-date knowledge of information security policies, standards, and guidelines, and ensure their effective implementation in local applications to safeguard the integrity, confidentiality, and availability of IT systems and data across the organization.
• Maintain effective communication and influential partnership with strategic key stakeholders.
• Upgrade information security level with the alignment to company standards and guidelines and develop technology governance programmes to uplift company's technology resilience level.
• Address business disruption or service outage proactively and prevent from re-occurrence.

• Establish and maintain processes to identify technology risks and potential breaches, ensuring continuous protection of assets and information.

• Conduct IAM operations and reviews to ensure proper access provisioning, role-based access control, and periodic access certifications in alignment with compliance and audit requirements.

• Oversee vulnerability management activities, including regular scanning, risk assessment, prioritization, and coordination of remediation efforts with relevant teams.
• Drive improvements in security assessment practices, including application and infrastructure reviews, and recommend actionable enhancements.
• Consolidate and track remediation progress for audit findings, with a focus on IAM and vulnerability-related issues, ensuring timely closure and compliance.
• Govern regular assessments of applications and systems, and provide recommendations to strengthen security posture and reduce risk exposure.
• Require to obtain relevant licence(s) if the job involves regulated activities.

Requirements

• Bachelor's degree in Computer Science, Information Systems, or related disciplines preferred.
• 7-10 years of experience in information security governance or related control functions within the financial sector.
• An influencer and facilitator; able to build strong interpersonal relationships, and inform, guide and motivate stakeholders and technology experts at different levels to address risks with due care and attention to detail.
• Strong communication skills; able to explain risks that are often complex and obscure to non-specialists; a good listener who can understand stakeholders' concerns;Hands-on experience in developing scripts or tools using Python to support security automation, data analysis, or process improvement.
• Strong understanding of IAM principles and vulnerability management practices.
• Prior experience in IT risk control, audit, or project management is an advantage.
• Ability to work independently and manage tasks under tight deadlines.

1. Purpose of the Position/ Job Summary

2. Assist IT Security Governance team to strengthen IT Security of the bank to improve oversight of technology and cybersecurity risk and support the rapid Fintech initiatives

3. Assist in independent assessment with external assessor for critical IT projects

4. Manage evidence collection and remediation actions for audits as well as other regulatory reviews

5. Key Responsibilities

Governance

· Assist IT Security Governance team to strengthen IT Security of the bank to improve oversight of technology and cybersecurity risk and support the rapid Fintech initiatives.

· Participate in establishing security standard and guideline for emerging technology and IT solution.

· Assist the Key Risk Indicator (KRI) monitoring and reporting.

Risk

· Review technology deviation and liaise with other IT teams for remediation.

· Participate in 3rd party and network connection risk assessment with the team.

· Assist in independent assessment with external assessor for critical IT projects.

Compliance

· Manage remediation actions for audit as well as other regulatory reviews including HKMA, MAS, SWIFT, PCI etc.

· Facilitate the successful implementation of actions required by HKMA's Cybersecurity Fortification Initiative (CFI) 2.0 including C-RAF and i-CAST, internal audit and external audits.

· Perform security assurance monitoring and testing to ensure key controls are effective.

1. Job Specifications

2. Knowledge, Skill & Attributes

1. Business Knowledge

· Enthusiastic to pursue a promising career in IT security, Cybersecurity, IT audit or technology risk

· Have good understanding of basic technology knowledge

· Willing to learn and work in a dynamic environment

· Good team player and self-motivated character

· Good command of spoken and written English and Chinese

2. Intellectual Capabilities

· Analytical Thinking & Problem Solving: analyze problems, identify root causes; probe for further information

· Continuous Improvement: Demonstrate commitment to qualify and continuous improvement

· Able to coordinate own/others' time, resources and workload

3. Interpersonal Skills, Adversity and Change Management

· Teamwork: Share experience and expertise with team members, understand group dynamics

· Communication: Express complex ideas succinctly and persuasively

Proficiency in written and spoken English and Chinese and Mandarin

1. Academic and Professional Qualification

· Graduates with a bachelor/master's degree, preferably in IT/IS management, technology related, Audit or Information Security.

1. Training and Relevant Experiences

· Minimum 2 years of experience in IT Security or security related audit

Interested parties please email a MS Word version resume and expected salary to    and quote the job reference no.

·    Assist IT Security Governance team to strengthen IT Security of the bank to improve oversight of technology and cybersecurity risk and support the rapid Fintech initiatives

·    Assist in independent assessment with external assessor for critical IT projects

·    Assist the Key Risk Indicator (KRI) monitoring and reporting

·    Review technology deviation and liaise with other IT teams for remediation

·    Participate in 3rd party and network connection risk assessment with the team

·    Manage remediation actions for audit as well as other regulatory reviews including HKMA, MAS, SWIFT, PCI etc.

·    Facilitate the successful implementation of actions required by HKMA's Cybersecurity Fortification Initiative (CFI) 2.0 including C-RAF and i-CAST, internal audit and external audits

·    Manage evidence collection and remediation actions for audits as well as other regulatory reviews

Job Requirement:

· Graduates with a bachelor/master's degree, preferably in IT/IS management, technology related, Audit or Information Security

· Minimum 2 years of experience in IT Security or security related audit

·    Enthusiastic to pursue a promising career in IT security, Cybersecurity, IT audit or technology risk

· Analytical Thinking & Problem Solving: analyze problems, identify root causes; probe for further information

· Continuous Improvement: Demonstrate commitment to qualify and continuous improvement

· Proficiency in written and spoken English and Chinese and Mandarin

About Us:

Founded in 1956, Maxim's Group is one of Asia's leading food and beverage companies, operating Chinese, Western, Japanese and Southeast Asian restaurants, quick service outlets, bakery shops and cafes, and an institutional catering service. Maxim's Group also produces a range of festive products, including the award-winning Hong Kong MX Mooncakes, and is a licensee of Starbucks Coffee, Genki Sushi, IPPUDO, The Cheesecake Factory and Shake Shack in various territories. Altogether, the Group has over 40,000 employees and 2,000 outlets in HK, China and South East Asia.

Proud of our heritage and humbled by our success, we are committed to a sustainable and innovative future. To learn more about Maxim's, visit

Job Responsibilities:

• Conduct technical security assessments on IT and digital initiatives, with a focus on application security
• Identify and mitigate security vulnerabilities in applications, APIs, and software development processes
• Collaborate with development teams to integrate security practices into the Software Development Lifecycle (SDLC) and CI/CD pipelines
• Develop and enforce secure coding standards and guidelines for application development
• Assess and implement tools and technologies for application security testing (e.g., SAST, DAST, SCA)
• Provide awareness training on application security best practices
• Investigate and manage application-related cybersecurity incidents
• Stay updated on emerging application security threats and trends to proactively address risks
• Assist in defining technical solutions to protect company assets, with a focus on application security
• Regularly review internal policies and global standards (e.g., NIST, ISO 27001, PCI DSS) to ensure ongoing compliance
• Assist IT teams in internal and external audits, including pre-audit review, liaison with auditors and stakeholders, and post-audit follow-up
• Investigate and manage cyber security incidents

Job Requirements:

• Minimum 8 years or more of hands-on experience in application security, preferably in a sizable organization with a regional presence in AP (e.g., China, Southeast Asian Market)
• Strong practical experience in application security testing, vulnerability management, and secure coding practices
• Familiarity with application security tools (e.g., Burp Suite, Veracode, SonarQube, OWASP ZAP) and methodologies (e.g., OWASP Top 10)
• Knowledge of integrating security into DevOps practices (DevSecOps) and CI/CD pipelines
• Excellent communication and interpersonal skills to collaborate with development teams and stakeholders
• Proactive, problem-solving mindset with the ability to work under pressure
• Possession of relevant certifications (e.g., OSCP, CISSP, CEH, GWAPT, CSSLP) is a strong advantage

Interested parties please apply with full resume, state current and expected salaries by clicking "Apply Now".

All applications and data collected will be treated in strict confidence and used exclusively for recruitment purposes. Only short listed candidates will be invited for interview. The company will retain the applications for a maximum period of 24 months and may refer suitable candidates to other vacancies within the Group.

·    Assist IT Security Governance team to strengthen IT Security of the bank to improve oversight of technology and cybersecurity risk and support the rapid Fintech initiatives

·    Assist in independent assessment with external assessor for critical IT projects

·    Assist the Key Risk Indicator (KRI) monitoring and reporting

·    Review technology deviation and liaise with other IT teams for remediation

·    Participate in 3rd party and network connection risk assessment with the team

·    Manage remediation actions for audit as well as other regulatory reviews including HKMA, MAS, SWIFT, PCI etc.

·    Facilitate the successful implementation of actions required by HKMA's Cybersecurity Fortification Initiative (CFI) 2.0 including C-RAF and i-CAST, internal audit and external audits

·    Manage evidence collection and remediation actions for audits as well as other regulatory reviews

Job Requirement:

· Graduates with a bachelor/master's degree, preferably in IT/IS management, technology related, Audit or Information Security

· Minimum 2 years of experience in IT Security or security related audit

·    Enthusiastic to pursue a promising career in IT security, Cybersecurity, IT audit or technology risk

· Analytical Thinking & Problem Solving: analyze problems, identify root causes; probe for further information

· Continuous Improvement: Demonstrate commitment to qualify and continuous improvement

· Proficiency in written and spoken English and Chinese and Mandarin

Job Description:

• Minimum of 4 years of experience in information security or a similar role.
• Strong understanding of information security principles, standards, and best practices.
• General knowledge in industry regulations and framework such as NIST Cybersecurity Framework, ISO27001 or PCI DSS.
• Experience with security assessment tools and techniques.
• Knowledge in network and system security, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Relevant certifications such as CISSP, CISM, or CEH are desirable.

About Pure Software:

PureSoftware, a wholly owned subsidiary of Happiest Minds Technologies, is a global software products and digital services company. PureSoftware has been driving transformation for the world's top organizations across various industry verticals, including banking, financial services, and insurance, life sciences and healthcare, high tech and communications, retail and logistics, and gaming and entertainment. Arttha, from PureSoftware, is a globally trusted financial technology platform.

PureSoftware is Great Place to Work Certified in India for the third consecutive year

Job Purpose:

Assist Head of Information Security to ensure adequate and effective controls are in place.

Main Responsibilities:

• Support security tools including network firewall, DLP, SIEM, vulnerability scanning,
• micro-segmentation
• Review the firewall rule change requests; conduct the modification or reject if the request
• may expose the Group to unacceptable risk
• Act as project manager role on information security projects
• Provide technical guidance to systems and network team regarding security configurations
• Analyse cybersecurity incidents and make recommendations on remedial actions.
• Define and design adequate security controls to maintain secure control environment.
• Conduct regular security assessment on systems, network and IT infrastructure
• Provide security advisory service to stakeholders on new initiatives and development
• projects.
• Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill
• in regular basis.
• Monitor and govern external service providers, including both outsourcing service
• providers and connected third parties, to deliver the services as per the Group's security
• requirements.

Incumbent Requirements:

• Minimum 6 years of relevant work experience in technology risk, information security
• and cybersecurity
• University graduate in Computer Science / Information Technology or equivalent.

• One or more certificates listed below:

• ISC2 Certified Information Security Professional (CISSP)

• ISACA Certified Information System Auditor (CISA)
• ISACA Certified Information Security Manager (CISM)
• ISC2 Certified Cloud Security Professional (CCSP)
• Good knowledge in cybersecurity, Intrusion Detection/Prevention System and
• application security of finance/banking systems, in particular hands on experience in
• firewall management
• Experience in regulators' requirement on technology risk management including the
• Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls
• Framework of SWIFT
• Strong information security sense in relation to business requirements
• Mature, independent and able to deliver quality results under tight schedule

Please note that only shortlisted candidates will be notified.

Job Purpose:

Assist Head of Information Security to ensure adequate and effective controls are in place.

Main Responsibilities:

• Support security tools including network firewall, DLP, SIEM, vulnerability scanning, micro-segmentation;
• Review the firewall rule change requests; conduct the modification or reject if the request may expose the Group to unacceptable risk;
• Act as project manager role on information security projects;
• Provide technical guidance to systems and network team regarding security configurations;
• Analyse cybersecurity incidents and make recommendations on remedial actions;
• Define and design adequate security controls to maintain secure control environment;
• Conduct regular security assessment on systems, network and IT infrastructure;
• Provide security advisory service to stakeholders on new initiatives and development projects;
• Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill in regular basis;
• Monitor and govern external service providers, including both outsourcing service providers and connected third parties, to deliver the services as per the Group's security requirements.

Incumbent Requirements:

• Minimum 6 years of relevant work experience in technology risk, information security and cybersecurity;
• University graduate in Computer Science / Information Technology or equivalent;

• One or more certificates listed below:

• ISC2 Certified Information Security Professional (CISSP)

• ISACA Certified Information System Auditor (CISA)

• ISACA Certified Information Security Manager (CISM)

• ISC2 Certified Cloud Security Professional (CCSP)

• Good knowledge in cybersecurity, Intrusion Detection/Prevention System and application security of finance/banking systems, in particular hands on experience in firewall management;

• Experience in regulators' requirement on technology risk management including the Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls Framework of SWIFT;
• Strong information security sense in relation to business requirements;
• Mature, independent and able to deliver quality results under tight schedule.

Please note that only shortlisted candidates will be notified.