What Jobs are available for Security Lead in Hong Kong?

Control Risks is currently looking to hire a Regional Security Leader to support a global banking client, based in their Hong Kong office. The Cluster Security Lead will provide leadership and mentorship to a team of Country Security Managers and external vendors responsible for the physical security of branches, offices, and other facilities within the GCNA cluster (Mainland China, Korea, Japan, Hong Kong and Taiwan).

Role tasks and responsibilities:

• Primary responsibility is to keep the bank and its stakeholders safe.
• Oversee and provide expert guidance to ensure the smooth flow of security operations for all commercial, retail and data centre properties within the GCNA cluster.
• Plan, approve and oversee the delivery of security system and operational projects, including tracking and reporting on milestones.
• Manage performance and compliance of all Security Guarding and System partners to meet relevant standards and regulations, vendor capability assessment, negotiation of new/renewal of contracts, vetting, approval of quotations, setting and monitoring KPI's and SLA's
• Ensure all staff responsible for Security duties including vendors are trained and meet certification and qualification standards. Conduct region wide training and seminars as required.
• Draft and approve security processes and procedures and ensure alignment with Group standards.
• Conduct risk/audit assessment to ensure measures in relation to Security are implemented/executed in accordance to established processes and align with Group standards.
• Provide expert advice to all stakeholders in areas related to security.
• Represent security in incident, crisis and BCP phases. Lead critical post incident investigations, root cause analysis and follow up remediation plans.
• Review existing measures and recommend improvement plans to enhance security regime. This includes sourcing and evaluating new technology/processes in the market for possible implementation.
• Drafting and presenting of budget plan for approval.
• Coordinate and work with relevant Government Authorities/Ministries to implement programs/plans and to ensure the bank's policies and guidelines align with the regulatory requirement.
• Conduct event risk assessment and arrangement of security coverage for events including close protection of VVIPs.
• Monitoring of global situation and recommend/implement measures to curb arising trends to safeguard the interest of the Bank.
• Represent Security function in various regional forums such risk, crisis, incident, BCP, technology operations and other working groups.
• Support and facilitate the implementation of the partnership Security Playbook.
• Ongoing security risk and operational assessment to ensure compliance with bank standards, escalation of any issues and recommendations for mitigation.
• Monitor and manage the scope of security services and ensure any recommendations or stakeholder requests are properly aligned with account leadership and documented and approved through change request procedures.
• Create and maintain networks within the Bank and externally to be aware of industry changes, impacts upon and threats to the Bank.
• Regular engagement with senior stakeholders of the Bank and other account stakeholder to keep key issues in focus, immediately notify of any security issues and provide support to regional initiatives.

Requirements

• Bachelor's degree in Security Management, Criminal Justice, or a related field (or equivalent experience).
• 10+ years of prior commercial security and/or law enforcement related experience with a demonstrated track record of leadership and team management.
• Able to make effective and persuasive presentations on security training, concepts, and procedures to both staff, public groups, and senior management stakeholders.
• Proficiency in using security technology, incident management software, and communication systems.
• Strong analytical and problem-solving skills, with the ability to make sound decisions under pressure.
• Excellent communication skills, both written and verbal, for effective coordination and reporting.
• Proven ability to collaborate with diverse teams and adapt to dynamic situations.
• Knowledge of global security trends, best practices, and emerging technologies.
• English mandatory, Mandarin speaking would be an advantage

Control Risks is currently looking to hire a Regional Security Leader to support a global banking client, based in their Hong Kong office. The Security Lead will provide leadership and mentorship to a team of Country Security Managers and external vendors responsible for the physical security of branches, offices, and other facilities within the GCNA cluster (Mainland China, Korea, Japan, Hong Kong and Taiwan).

Role tasks and responsibilities:

• Primary responsibility is to keep the bank and its stakeholders safe.
• Oversee and provide expert guidance to ensure the smooth flow of security operations for all commercial, retail and data centre properties within the GCNA cluster.
• Plan, approve and oversee the delivery of security system and operational projects, including tracking and reporting on milestones.
• Manage performance and compliance of all Security Guarding and System partners to meet relevant standards and regulations, vendor capability assessment, negotiation of new/renewal of contracts, vetting, approval of quotations, setting and monitoring KPI's and SLA's
• Ensure all staff responsible for Security duties including vendors are trained and meet certification and qualification standards. Conduct region wide training and seminars as required.
• Draft and approve security processes and procedures and ensure alignment with Group standards.
• Conduct risk/audit assessment to ensure measures in relation to Security are implemented/ executed in accordance to established processes and align with Group standards.
• Provide expert advice to all stakeholders in areas related to security.
• Represent security in incident, crisis and BCP phases. Lead critical post incident investigations, root cause analysis and follow up remediation plans.
• Review existing measures and recommend improvement plans to enhance security regime. This includes sourcing and evaluating new technology/ processes in the market for possible implementation.
• Drafting and presenting of budget plan for approval.
• Coordinate and work with relevant Government Authorities/Ministries to implement programs/plans and to ensure the bank's policies and guidelines align with the regulatory requirement.
• Conduct event risk assessment and arrangement of security coverage for events including close protection of VVIPs.
• Monitoring of global situation and recommend/implement measures to curb arising trends to safeguard the interest of the Bank.
• Represent Security function in various regional forums such risk, crisis, incident, BCP, technology operations and other working groups.
• Support and facilitate the implementation of the partnership Security Playbook.
• Ongoing security risk and operational assessment to ensure compliance with bank standards, escalation of any issues and recommendations for mitigation.
• Monitor and manage the scope of security services and ensure any recommendations or stakeholder requests are properly aligned with account leadership and documented and approved through change request procedures.
• Create and maintain networks within the Bank and externally to be aware of industry changes, impacts upon and threats to the Bank.
• Regular engagement with senior stakeholders of the Bank and other account stakeholder to keep key issues in focus, immediately notify of any security issues and provide support to regional initiatives.

Requirements:

• Bachelor's degree in Security Management, Criminal Justice, or a related field (or equivalent experience).
• 10+ years of prior commercial security and/or law enforcement related experience with a demonstrated track record of leadership and team management.
• Have extensive experience working in the GCNA region and the ability to communicate effectively in English and Mandarin Chinese.
• Able to make effective and persuasive presentations on security training, concepts, and procedures to both staff, public groups, and senior management stakeholders.
• Proficiency in using security technology, incident management software, and communication systems.
• Strong analytical and problem-solving skills, with the ability to make sound decisions under pressure.
• Excellent communication skills, both written and verbal, for effective coordination and reporting.
• Proven ability to collaborate with diverse teams and adapt to dynamic situations.
• Knowledge of global security trends, best practices, and emerging technologies.

Cathay Pacific

Digital & Information Technology

Information Technology Department

Contract

Hong Kong SAR (China)

Application deadline: 13 Nov 2025

Report To: IT Security Assurance Senior Lead

This role is part of our Information Technology department, committed to upholding the highest standards of digital security and operational excellence.

As the Security Assurance Lead, you will be responsible for developing and managing security assessments and IT security testing to ensure that all initiatives, contracts, and applications are thoroughly evaluated for inherent risks and comply with established security standards.

With your leadership experience and technical expertise, you will guide a team to implement best practices, deliver assurance engagements, and collaborate with a diverse set of stakeholders. This role offers a dynamic environment with structured career progression and the opportunity to make a meaningful impact on our organization's security posture.

• Lead IT Risk and Security assessments and ensure mitigation items are tracked and addressed, maintaining oversight of risk posture across projects and operations
• Communicate residual risks, vulnerabilities, and security exposures—including misuse of information assets and noncompliance—to senior management, enabling informed decision-making and prioritization
• Provide subject matter expertise in resolving reported security incidents, offering guidance and technical input to ensure timely and effective remediation
• Evaluate risks and threats associated with exception-based security requests, advising business units on appropriate mitigation strategies to balance operational needs and security requirements
• Proactively maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation techniques, and industry best practices to ensure the organization's security posture remains resilient and adaptive
• Mentor and manage team members, fostering professional development, accountability, and alignment with security objectives and organizational goals
• Develop security frameworks for IT Risk and Security Analysts, including cloud security assessments, contractual requirements, and risk assessment methodologies, to standardize and strengthen assurance practices
• Define and maintain assessment and testing procedures, guidelines, and frameworks, while driving efficiencies by industrializing control assessments and adapting to changes in security standards and operating environments
• Oversee vendor management and testing tools, ensuring quality delivery, alignment with security requirements, and effective use of resources across multiple projects and BAU activities
• Empower the security testing discipline by implementing robust frameworks and processes, managing test execution quality, coordinating internal and vendor resources, promoting secure coding practices, and conducting training to elevate security assurance across the organization

• 5-7 years' experience relevant experience in Assurances and Testing area with team leading experience; Proven management experience is a plus
• For assessments- Solid competencies in information security processes, framework and technologies, IT Risk Assessment and Certification in assessment and risk discipline such as CISSP, CRISC, CISM, CISA
• Knowledge of Information security standards (e.g. ISO27001) and Privacy Regulations
• For Testing - Solid competencies in information security processes, framework and technologies, such as: Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing & Ethical Hacking, OWASP, NIST, OSSTMM, OSINT etc.
• Strong knowledge of security-related attacks, security testing methodologies, standards and assessment tools; Solid experience in vendor management; Advanced knowledge on security solutions and tools
• Ability to listen and articulate ideas verbally and in written formats to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact
• Strong interpersonal skills and able to maintain good relationship with others; Strong experience in vendor management
• Proactive and willing to accept and drive changes to accomplish positive outcomes
• Well-developed analytical, problem-solving, and decision-making skills; strong troubleshooting skills; ability to identify patterns and generate ideas
• Focus on the end users or customers' needs; ability to set expectations and understand end user behaviour

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our Applicant Personal Information Collection Statement and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. We keep records of your data for no longer than is necessary for the purpose for which we obtained them and any other permitted linked purposes. If your application is unsuccessful, we will keep your details on file for as long as is necessary to process your application or for the purposes of further job opportunities if you agree to such longer periods.

Role Introduction

Report To: IT Security Assurance Senior Lead

Department: Information Technology Department

This role is part of our Information Technology department, committed to upholding the highest standards of digital security and operational excellence.

As the Security Assurance Lead, you will be responsible for developing and managing security assessments and IT security testing to ensure that all initiatives, contracts, and applications are thoroughly evaluated for inherent risks and comply with established security standards.

With your leadership experience and technical expertise, you will guide a team to implement best practices, deliver assurance engagements, and collaborate with a diverse set of stakeholders. This role offers a dynamic environment with structured career progression and the opportunity to make a meaningful impact on our organization's security posture.

Key Responsibilities

• Lead IT Risk and Security assessments and ensure mitigation items are tracked and addressed, maintaining oversight of risk posture across projects and operations
• Communicate residual risks, vulnerabilities, and security exposures—including misuse of information assets and noncompliance—to senior management, enabling informed decision-making and prioritization
• Provide subject matter expertise in resolving reported security incidents, offering guidance and technical input to ensure timely and effective remediation
• Evaluate risks and threats associated with exception-based security requests, advising business units on appropriate mitigation strategies to balance operational needs and security requirements
• Proactively maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation techniques, and industry best practices to ensure the organization's security posture remains resilient and adaptive
• Mentor and manage team members, fostering professional development, accountability, and alignment with security objectives and organizational goals
• Develop security frameworks for IT Risk and Security Analysts, including cloud security assessments, contractual requirements, and risk assessment methodologies, to standardize and strengthen assurance practices
• Define and maintain assessment and testing procedures, guidelines, and frameworks, while driving efficiencies by industrializing control assessments and adapting to changes in security standards and operating environments
• Oversee vendor management and testing tools, ensuring quality delivery, alignment with security requirements, and effective use of resources across multiple projects and BAU activities
• Empower the security testing discipline by implementing robust frameworks and processes, managing test execution quality, coordinating internal and vendor resources, promoting secure coding practices, and conducting training to elevate security assurance across the organization

Requirements

• 5-7 years' experience relevant experience in Assurances and Testing area with team leading experience; Proven management experience is a plus
• For assessments- Solid competencies in information security processes, framework and technologies, IT Risk Assessment and Certification in assessment and risk discipline such as CISSP, CRISC, CISM, CISA
• Knowledge of Information security standards (e.g. ISO27001) and Privacy Regulations
• For Testing - Solid competencies in information security processes, framework and technologies, such as: Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing & Ethical Hacking, OWASP, NIST, OSSTMM, OSINT etc.
• Strong knowledge of security-related attacks, security testing methodologies, standards and assessment tools; Solid experience in vendor management; Advanced knowledge on security solutions and tools
• Ability to listen and articulate ideas verbally and in written formats to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact
• Strong interpersonal skills and able to maintain good relationship with others; Strong experience in vendor management
• Proactive and willing to accept and drive changes to accomplish positive outcomes
• Well-developed analytical, problem-solving, and decision-making skills; strong troubleshooting skills; ability to identify patterns and generate ideas
• Focus on the end users or customers' needs; ability to set expectations and understand end user behaviour

Application Deadline: 13 Nov 2025

Personal & Application Information

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our Applicant Personal Information Collection Statement and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. We keep records of your data for no longer than is necessary for the purpose for which we obtained them and any other permitted linked purposes. If your application is unsuccessful, we will keep your details on file for as long as is necessary to process your application or for the purposes of further job opportunities if you agree to such longer periods.

Cathay Pacific

Digital & Information Technology

Information Technology Department

Permanent

Hong Kong SAR (China)

Application deadline: 13 Oct 2025

Report To: IT Security Assurance Senior Lead

This role is part of our Information Technology department, committed to upholding the highest standards of digital security and operational excellence.

As the Security Assurance Lead, you will be responsible for developing and managing security assessments and IT security testing to ensure that all initiatives, contracts, and applications are thoroughly evaluated for inherent risks and comply with established security standards.

With your leadership experience and technical expertise, you will guide a team to implement best practices, deliver assurance engagements, and collaborate with a diverse set of stakeholders. This role offers a dynamic environment with structured career progression and the opportunity to make a meaningful impact on our organization's security posture.

• Lead IT Risk and Security assessments and ensure mitigation items are tracked and addressed, maintaining oversight of risk posture across projects and operations
• Communicate residual risks, vulnerabilities, and security exposures—including misuse of information assets and noncompliance—to senior management, enabling informed decision-making and prioritization
• Provide subject matter expertise in resolving reported security incidents, offering guidance and technical input to ensure timely and effective remediation
• Evaluate risks and threats associated with exception-based security requests, advising business units on appropriate mitigation strategies to balance operational needs and security requirements
• Proactively maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation techniques, and industry best practices to ensure the organization's security posture remains resilient and adaptive
• Mentor and manage team members, fostering professional development, accountability, and alignment with security objectives and organizational goals
• Develop security frameworks for IT Risk and Security Analysts, including cloud security assessments, contractual requirements, and risk assessment methodologies, to standardize and strengthen assurance practices
• Define and maintain assessment and testing procedures, guidelines, and frameworks, while driving efficiencies by industrializing control assessments and adapting to changes in security standards and operating environments
• Oversee vendor management and testing tools, ensuring quality delivery, alignment with security requirements, and effective use of resources across multiple projects and BAU activities
• Empower the security testing discipline by implementing robust frameworks and processes, managing test execution quality, coordinating internal and vendor resources, promoting secure coding practices, and conducting training to elevate security assurance across the organization

• 5-7 years' experience relevant experience in Assurances and Testing area with team leading experience
• For assessments - Certification in penetration testing discipline such as OSCP, SANS-GWAPT, OSEP, OSWE, OSCE, CEH
• For Testing - Solid competencies in information security processes, framework and technologies, such as: Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing & Ethical Hacking, OWASP, NIST, OSSTMM, OSINT etc.
• Strong knowledge of security-related attacks, security testing methodologies, standards and assessment tools; Solid experience in vendor management; Advanced knowledge on security solutions and tools
• Ability to listen and articulate ideas verbally and in written formats to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact

Strong interpersonal skills and able to maintain good relationship with others
- Proven management experience is a plus
- Proactive and willing to accept and drive changes to accomplish positive outcomes
- Well-developed analytical, problem-solving, and decision-making skills; strong troubleshooting skills; ability to identify patterns and generate ideas
- Focus on the end users or customers' needs; ability to set expectations and understand end user behaviour

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our Applicant Personal Information Collection Statement and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. We keep records of your data for no longer than is necessary for the purpose for which we obtained them and any other permitted linked purposes. If your application is unsuccessful, we will keep your details on file for as long as is necessary to process your application or for the purposes of further job opportunities if you agree to such longer periods.

Role Introduction

Report To: IT Security Assurance Senior Lead

Department: Information Technology Department

This role is part of our Information Technology department, committed to upholding the highest standards of digital security and operational excellence.

As the Security Assurance Lead, you will be responsible for developing and managing security assessments and IT security testing to ensure that all initiatives, contracts, and applications are thoroughly evaluated for inherent risks and comply with established security standards.

With your leadership experience and technical expertise, you will guide a team to implement best practices, deliver assurance engagements, and collaborate with a diverse set of stakeholders. This role offers a dynamic environment with structured career progression and the opportunity to make a meaningful impact on our organization's security posture.

Key Responsibilities

• Lead IT Risk and Security assessments and ensure mitigation items are tracked and addressed, maintaining oversight of risk posture across projects and operations
• Communicate residual risks, vulnerabilities, and security exposures—including misuse of information assets and noncompliance—to senior management, enabling informed decision-making and prioritization
• Provide subject matter expertise in resolving reported security incidents, offering guidance and technical input to ensure timely and effective remediation
• Evaluate risks and threats associated with exception-based security requests, advising business units on appropriate mitigation strategies to balance operational needs and security requirements
• Proactively maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation techniques, and industry best practices to ensure the organization's security posture remains resilient and adaptive
• Mentor and manage team members, fostering professional development, accountability, and alignment with security objectives and organizational goals
• Develop security frameworks for IT Risk and Security Analysts, including cloud security assessments, contractual requirements, and risk assessment methodologies, to standardize and strengthen assurance practices
• Define and maintain assessment and testing procedures, guidelines, and frameworks, while driving efficiencies by industrializing control assessments and adapting to changes in security standards and operating environments
• Oversee vendor management and testing tools, ensuring quality delivery, alignment with security requirements, and effective use of resources across multiple projects and BAU activities
• Empower the security testing discipline by implementing robust frameworks and processes, managing test execution quality, coordinating internal and vendor resources, promoting secure coding practices, and conducting training to elevate security assurance across the organization

Requirements

• 5-7 years' experience relevant experience in Assurances and Testing area with team leading experience
• For assessments - Certification in penetration testing discipline such as OSCP, SANS-GWAPT, OSEP, OSWE, OSCE, CEH
• For Testing - Solid competencies in information security processes, framework and technologies, such as: Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing & Ethical Hacking, OWASP, NIST, OSSTMM, OSINT etc.
• Strong knowledge of security-related attacks, security testing methodologies, standards and assessment tools; Solid experience in vendor management; Advanced knowledge on security solutions and tools
• Ability to listen and articulate ideas verbally and in written formats to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact
  
  Strong interpersonal skills and able to maintain good relationship with others
• Proven management experience is a plus
• Proactive and willing to accept and drive changes to accomplish positive outcomes
• Well-developed analytical, problem-solving, and decision-making skills; strong troubleshooting skills; ability to identify patterns and generate ideas
• Focus on the end users or customers' needs; ability to set expectations and understand end user behaviour

Application Deadline: 13-Oct-2025

Personal & Application Information

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our Applicant Personal Information Collection Statement and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. We keep records of your data for no longer than is necessary for the purpose for which we obtained them and any other permitted linked purposes. If your application is unsuccessful, we will keep your details on file for as long as is necessary to process your application or for the purposes of further job opportunities if you agree to such longer periods.

Job Summary:

The Information Security Lead/Manager will play a critical role in enhancing our information security framework. This position requires a strategic leader with hands-on experience to implement and manage security protocols that protect our digital assets from internal and external threats.

Key Responsibilities:

• Develop and Maintain Policies: Create, implement, and review information security policies, including Acceptable Use Policies, to ensure robust data protection.
• Vulnerability Management: Oversee the full lifecycle of vulnerability management, from identification and risk assessment to remediation, ensuring timely resolution of security issues.
• Access Control Implementation: Design and enforce strict access controls, tracking and allocating user permissions to ensure appropriate data access.
• Risk Assessment and Compliance: Conduct regular security risk assessments and compliance checks against established frameworks (e.g., ISO to identify vulnerabilities and enhance security measures.
• Team Leadership: Lead and mentor the information security team, fostering a culture of continuous improvement and professional development.
• Stakeholder Engagement: Communicate security risks and strategies to stakeholders at all levels, translating technical findings into business language for informed decision-making.
• Incident Response Management: Act as the primary contact during security incidents, coordinating responses and recovery efforts across various teams.
• Security Awareness Promotion: Develop and implement training programs to raise awareness of security best practices among employees.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 5-8 years of experience in information security, with a focus on policy development and security management.
• Proven experience in vulnerability management, risk assessments, and security governance.
• Familiarity with security frameworks and standards, along with hands-on knowledge of security technologies.
• Relevant certifications such as CISSP, CISM, or CISA are highly desirable.
• Strong analytical and problem-solving skills, with exceptional communication abilities.

Responsibilities

Ocean Park Corporation is currently looking for talents to fill the following vacancies in our Security Operations team.

海洋公園現誠聘下列人材加入保安團隊的大家庭。

1. Security Guard (Overnight) 保安員(通宵更 – 2345hrs. to 0815hrs.)

• 負責執行夜更巡邏、交通控制及訪客登記
• 持有效保安人員許可證甲及乙級,無需工作經驗

• 流利廣東話、簡單英文及普通話

• 另有通宵當值津貼

• 能適應戶外工作 (每天工作8小時,平均每週44小時)

2. Senior Security Guard 高級保安員

• 負責執行巡邏、交通控制及訪客登記、維持公園秩序及遊客安全
• 持有效保安人員許可證甲及乙級,並具三年以上有關保安或紀律部隊工作經驗者優先考慮
• 流利廣東話、簡單英文及普通話

3. Security Guard In-Charge 保安督導員

• 負責日常保安系統工作,包括:巡邏、執行保安措施及記錄狀況、維持公園秩序,處理突發事件、協助文書等
• 持有效保安人員許可證甲及乙級,並具三年以上有關保安或紀律部隊工作經驗者優先考慮

• 具有基本電腦操作知識 (MS Word, Excel) 及中文輸入法

• 有豐富工作經驗者會被考慮為 保安監導 或 保安督導員

• 另有通宵當值津貼

• 能適應戶外工作及輪班工作 (每天工作8小時,平均每週44小時)

Recruitment 招聘日

日期:逢星期四(公眾假期除外)

時間:早上10時至中午12時;下午2時至下午4時

地點:海洋公園職員招聘中心 (正門入口 - 驗票閘門右側)

求職者請帶備以下文件:

• 近照
• 香港身份證
• 簽證身份書副本(如適用)
• 保安人員許可證甲及乙級
• 工作及學歷證明正副本

Full-time Staff Benefits 全職員工福利

• Staff Referral Bonus 職員推薦獎金* (高達$4,000)
• 13-month payment / Gratuity 年終雙糧/約滿酬金
• Marriage/Examination/Conservation/CSR Leave 結婚/考試/義工/保育假期
• Ocean Park and Water World Complimentary Tickets 海洋公園及水上樂園免費入場劵
• Staff In-Park Discounts 員工購票/購物折扣
• Staff Canteen 職員餐廳
• Staff Social Club 職員聯誼會
• Medical Insurance (Hospitalization & Outpatient) 醫療福利 (包括住院及門診)
• 14 days Paid Leave (Include Birthday Leave and Work Anniversary Leave) 14天有薪假期 (包括生日假期及工作周年假期)
• 17 days Public Holiday 17天公眾假期

For application and enquiry 申請及查詢:

招聘網站 Career Website:

WhatsApp:

Applicants not contacted within six weeks may consider their application unsuccessful. Personal data collected will be used for recruitment-related purpose only.

應徵者如在六星期內未獲邀請面試,將作落選論。所有收集資料只作招聘用途。

Job Purpose

This role involves the security policy and governance, security operation, infrastructure security monitoring, certificate and key management, and audit support and compliance.

Main Responsibilities

Security Policy and Governance:

• Develop, implement and maintain information security policies and procedures, and security configuration baselines.

Security Operation:

• Perform regular and ad-hoc security acceptance test on severs, network and security devices, databases against the established security configuration baselines.
• Perform regular security policy and ruleset review (including firewalls and other security tooling) to ensure only security protocols, ports and services are enabled and obsolete/redundant rules are timely removed.
• Monitor and manage security tools and systems (e.g., IDS/IPS, endpoint protection).
• Respond to security incidents and coordinate with relevant teams for resolution

Infrastructure Security and Monitoring:

• Configure and maintain security tooling (including for examples, end point detection and response, security incident and event management) for servers and endpoints
• Periodically check log for data leakage protection and endpoint protection for servers in data centres
• Implement and manage Splunk rulesets for log consolidation, monitoring, and security event review.

Certificate and Key Management:

• Manage lifecycle of digital certificates and encryption keys, including renewal, revocation, and secure storage.

Audit Support & Compliance:

• Take ownership of audit-related activities, including gathering reports and compiling evidence.
• Ensure timely and accurate delivery of audit materials and responses.

Requirements

Education and Qualification:

• A bachelor's degree / diploma in computer science, information technology, or a related field is often preferred.
• Possess one or more certificates in : CISSP / CISA / CISM / CCSP

Work Experience:

• Minimum 5-8 years of relevant experience in IT security, infrastructure security, or a similar role.
• Experience in banking industry is preferred.

Technical Skills:

• Experience supporting audit and compliance processes (e.g., internal/external audits, regulatory reviews).
• Strong understanding of network and infrastructure security, security policy frameworks and regulatory standards (e.g., ISO 27001, HKMA, SFC)

Personal Skills:

• Strong analytical and problem-solving skills.
• Excellent communication and documentation abilities.
• Ability to work independently and in a team-oriented environment.
• Commitment to continuous learning and professional development.

Please note that only shortlisted candidates will be notified.