What Jobs are available for Technology Security in Hong Kong?

Security Professional-Security, Regulations, Risk & Compliance

We are currently looking for Manager / Assistant Manager, Technology Security & Risk for one of our most sizeable in-house clients.

Your new role

• Drive and manage technology risk mitigation initiatives, including facilitating Risk Control Self-Assessments and KRI.
• Define & track action plans against internal/external audit recommendations within the technology team.
• Facilitate regulatory review with technology team and regulators.
• Build key relationships with the various IT departments. Work in partnership in identifying and developing solutions to address key technology risk areas.
• Perform reviews to enhance controls and operational efficiency for technology operations processes.
• Coordinate trainings to promote risk management and compliance culture within the unit.
• Support BCP related exercises and produce exercise reports
• Identify residual risks, update and obtain risk approval
• Support outsourcing risk review, HKMA risk assessment
• Provide necessary project support if required

What you'll need to succeed

• Bachelor's degree in Information Technology, Risk Management, or related field.
• 3 to 5 years' relevant experience in banking and IT development or operation, and exposure in digital banking applications and cybersecurity
• Preferably with exposure in risk management and/or audit in banks or financial institutions
• Strong interpersonal relationship track record within IT and internal clients.
• Strong understanding of regulatory requirements (e.g., HKMA, MAS)
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO
• Relevant certifications (e.g., CISSP, CISM) are preferred but not mandatory.

What you need to do now

If you fulfil all the qualifications mentioned above and have the drive to succeed or are interested in similar roles within the Information Technology Sector, please contact me with an attached CV at , or please call

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.

If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career.

Security Professional-Security, Regulations, Risk & Compliance

We are currently looking for Manager / Assistant Manager, Technology Security & Risk for one of our most sizeable in-house clients.

Your new role

• Drive and manage technology risk mitigation initiatives, including facilitating Risk Control Self-Assessments and KRI.
• Define & track action plans against internal/external audit recommendations within the technology team.
• Facilitate regulatory review with technology team and regulators.
• Build key relationships with the various IT departments. Work in partnership in identifying and developing solutions to address key technology risk areas.
• Perform reviews to enhance controls and operational efficiency for technology operations processes.
• Coordinate trainings to promote risk management and compliance culture within the unit.
• Support BCP related exercises and produce exercise reports
• Identify residual risks, update and obtain risk approval
• Support outsourcing risk review, HKMA risk assessment
• Provide necessary project support if required

What you'll need to succeed

• Bachelor's degree in Information Technology, Risk Management, or related field.
• 3 to 5 years' relevant experience in banking and IT development or operation, and exposure in digital banking applications and cybersecurity
• Preferably with exposure in risk management and/or audit in banks or financial institutions
• Strong interpersonal relationship track record within IT and internal clients.
• Strong understanding of regulatory requirements (e.g., HKMA, MAS)
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO
• Relevant certifications (e.g., CISSP, CISM) are preferred but not mandatory.

What you need to do now

If you fulfil all the qualifications mentioned above and have the drive to succeed or are interested in similar roles within the Information Technology Sector, please contact me with an attached CV at , or please call

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.

If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career.

Job Description:

• Minimum of 4 years of experience in information security or a similar role.
• Strong understanding of information security principles, standards, and best practices.
• General knowledge in industry regulations and framework such as NIST Cybersecurity Framework, ISO27001 or PCI DSS.
• Experience with security assessment tools and techniques.
• Knowledge in network and system security, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Relevant certifications such as CISSP, CISM, or CEH are desirable.

About Pure Software:

PureSoftware, a wholly owned subsidiary of Happiest Minds Technologies, is a global software products and digital services company. PureSoftware has been driving transformation for the world's top organizations across various industry verticals, including banking, financial services, and insurance, life sciences and healthcare, high tech and communications, retail and logistics, and gaming and entertainment. Arttha, from PureSoftware, is a globally trusted financial technology platform.

PureSoftware is Great Place to Work Certified in India for the third consecutive year

Job Purpose

You will be responsible for carrying out information security functions and activities for the Technology function.

Responsibilities

• Protect the confidentiality, integrity and availability of all assets and systems through monitoring, detection, and analysis activities
• Review and assess information security requests to determine compliance with organizational policies and standards.
• Prepare and present cybersecurity-related reports, highlighting risks, incidents, and remediation efforts.
• Facilitate the annual recertification process for user access and security controls.
• Collaborate with IT teams to implement security measures, and remediate the audit findings
• Participate in and manage security-related projects to enhance overall security posture.
• Support Information security team to develop and implement security policies, procedures and guidelines
• Validate information security controls effectiveness and agreed deliverables to assure security standards/plans are achieved.
• Review the current IT Security solution and Security Policy to identify potential gaps within the organisation
• Undertake monitoring of security controls and policy adherence in line with Bupa policies based on ISO27001 and NIST Cybersecurity
• Monitor the security controls for security breaches and investigate violations
• Conduct risk and vulnerability assessment at the network, system and application level, and assess resulting impact on risk

Qualifications, Training and Experience

• Relevant Bachelor's/Master's degree holder from a recognized university
• 3-5 years of relevant work experience on managing security technologies
• Work experience in cloud security solution experience (Wiz preferred)
• Work experience in web proxy / SASE solutions (Palo Alto Prisma SASE preferred)
• Work experience cloud platforms (Azure, GCP preferred)
• Experience in managing security solutions, such as Wiz, Palo Alto Prisma, Zscaler, MS Defender, Imperva, Cloudfare
• Scripting skills, such as Terraforms, MS PowerShell, Python
• Good communication skills and the ability to collaborate well with across departments
• Able to demonstrate a positive, logical, and proactive approach while executing the assigned tasks
• Certification holder in information security (CISSP, CISA, etc.) will be an advantage.
• Ability to prioritize work and design schedules to meet the desired requirements

Bupa offers 5 days' work per week and comprehensive remuneration packages including base salary, study assistance plan, company pension plan, life and medical benefit, dental benefit, annual leave, examination leave, etc.

Bupa is an equal opportunity employer and welcomes applications from qualified candidates. Information provided will be treated in strict confidence and only be used for consideration of application with Bupa.

Personal data collected will be used for recruitment purposes only. Bupa will be in touch for any opportunities that matches your profile. All personal data of unsuccessful application will be destroyed 24 months from the date of receiving the application. Full version of Data Privacy Notice available upon request.

Key Responsibilities:

• Monitor and analyze security alerts and incidents to identify potential threats.
• Assist in conducting vulnerability assessments and penetration testing.
• Support the implementation of security measures and protocols.
• Maintain and update security documentation, including incident reports and risk assessments.
• Collaborate with IT teams to ensure compliance with security standards and best practices.
• Participate in security awareness training for staff.
• Stay up-to-date with the latest security trends and technologies.

Qualifications:

• Bachelor's degree in Cyber Security, Information Technology, or a related field (or equivalent experience).
• Basic understanding of network security concepts, firewalls, and intrusion detection systems.
• Familiarity with security tools and technologies (e.g., SIEM, antivirus, encryption).
• Strong analytical and problem-solving skills.
• Excellent communication and teamwork abilities.
• Relevant certifications (e.g., CompTIA Security+, CEH) are a plus.
• Cantonese is a must

Job Description:

• Minimum of 2 years of experience in information security or a similar role.
• Strong understanding of information security principles, standards, and best practices.
• General knowledge in industry regulations and framework such as NIST Cybersecurity Framework, ISO27001 or PCI DSS.
• Experience with security assessment tools and techniques.
• Knowledge in network and system security, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Relevant certifications such as CISSP, CISM, or CEH are desirable.

About PureSoftware:

PureSoftware, a wholly owned subsidiary of Happiest Minds Technologies, is a global software products and digital services company. PureSoftware has been driving transformation for the world's top organizations across various industry verticals, including banking, financial services, and insurance, life sciences and healthcare, high tech and communications, retail and logistics, and gaming and entertainment. Arttha, from PureSoftware, is a globally trusted financial technology platform.

PureSoftware is Great Place to Work Certified in India for the third consecutive year

You can visit our website

We are seeking a dedicated professional to join our team as an Information Security and Technology Risk Assistant Manager for a critical 6-month engagement. This role will support the oversight of security and risk management functions for the eMPF Platform, delivered through a third-party partner. Core Responsibilities

Contribute to the creation and establishment of a monitoring system focused on safeguarding data, both physically and digitally, including cybersecurity, and managing technology-related risks during the platform's operation by an external delivery partner.

Support the evaluation and supervision of the delivery partner's execution of security and risk management projects, which includes designing performance and risk metrics, maintaining a log of incidents and potential threats, and ensuring timely resolution or mitigation strategies are implemented.

Aid in the deployment, enforcement, and ongoing improvement of governance structures, policies, and protocols related to security and technology risk oversight for the eMPF Platform.

Participate in periodic evaluations of security and technology risks to confirm adherence to applicable policies, legal standards, and regulations.

Offer assistance in preparing routine and as-needed updates for MPFA and eMPF Company leadership regarding project advancements and emerging challenges. Required Competencies and Background

Possess a bachelor's degree in Computer Science, Information Security, or a closely related field.

Bring 5 to 7 years of pertinent experience in areas such as technology risk assessment, information protection, cybersecurity, or regulatory adherence.

Hold recognized certifications in technology management or IT auditing, such as CISM, CISSP, CISA, CRISC, or comparable credentials.

Demonstrate a strong understanding of principles and leading practices in information security and technology risk management.

Familiarity with personal data privacy legislation (e.g., PDPO) is advantageous.

Expertise in securing infrastructure and software applications.

Exhibit a proactive attitude, accountability, strong analytical and interpersonal abilities, and a collaborative spirit.

Fluency in both written and spoken English and Chinese.

Show maturity, attention to detail, and the ability to thrive in high-pressure situations.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.

Full-time

Successful candidates will be seconded to our client in public sector.

Key Accountabilities

• Assist in developing and formulating the monitoring framework and mechanism in respect of information security, covering physical data / information security and cybersecurity, and technology risk management for the operation of the eMPF Platform by a third-party delivery partner (the "
  Delivery Partner
  ");
• Assist in overseeing and managing the Delivery Partner's performance and delivery of information security and technology risk related initiatives, including but not limited to the development of reporting metric (such as performance indicators and risk indicators), incidents and risk register for identifying, recording and monitoring potential risks, and ensuring proper follow-up on the risks identified through appropriate rectifications, remedial actions and / or mitigation measures;
• Assist in implementing, enforcing, monitoring and continuously enhancing supervisory framework, policies and procedures governing information security and technology risk management in support of the operation of the eMPF Platform;
• Assist in performing regular assessment on information security and technology risk to ensure compliance with the relevant policies, laws and regulations;
• Provide support for regular and ad hoc reporting to the management of the MPFA/ eMPF Company on work progress and potential issues.

Skills and Qualifications

• Degree holder in Computer Science / Information Security or related disciplines;
• Around 5 to 7 years of relevant experience in related fields e.g. technology risk, information security, cyber security and regulatory compliance;
• Relevant technology management and/or IT audit qualifications e.g. CISM, CISSP, CISA, CRISC or equivalent;
• Good knowledge on information security and technology risk management principles and best practices;
• Knowledge of the relevant personal data privacy laws and regulations (e.g. the PDPO) is preferred;
• Knowledge of security in infrastructure and applications;
• Proactive, responsible, good problem solving, communication and interpersonal skills, and a good team player with analytical thinking
• Good command of written and spoken English and Chinese; and
• Mature, detail-minded and able to work under pressure.

We are seeking a dedicated professional to join our team as an Information Security and Technology Risk Assistant Manager for a critical 6-month engagement. This role will support the oversight of security and risk management functions for the eMPF Platform, delivered through a third-party partner.

Core Responsibilities

• Contribute to the creation and establishment of a monitoring system focused on safeguarding data, both physically and digitally, including cybersecurity, and managing technology-related risks during the platform's operation by an external delivery partner.
• Support the evaluation and supervision of the delivery partner's execution of security and risk management projects, which includes designing performance and risk metrics, maintaining a log of incidents and potential threats, and ensuring timely resolution or mitigation strategies are implemented.
• Aid in the deployment, enforcement, and ongoing improvement of governance structures, policies, and protocols related to security and technology risk oversight for the eMPF Platform.
• Participate in periodic evaluations of security and technology risks to confirm adherence to applicable policies, legal standards, and regulations.
• Offer assistance in preparing routine and as-needed updates for MPFA and eMPF Company leadership regarding project advancements and emerging challenges.

Required Competencies and Background

• Possess a bachelor's degree in Computer Science, Information Security, or a closely related field.
• Bring 5 to 7 years of pertinent experience in areas such as technology risk assessment, information protection, cybersecurity, or regulatory adherence.
• Hold recognized certifications in technology management or IT auditing, such as CISM, CISSP, CISA, CRISC, or comparable credentials.
• Demonstrate a strong understanding of principles and leading practices in information security and technology risk management.
• Familiarity with personal data privacy legislation (e.g., PDPO) is advantageous.
• Expertise in securing infrastructure and software applications.
• Exhibit a proactive attitude, accountability, strong analytical and interpersonal abilities, and a collaborative spirit.
• Fluency in both written and spoken English and Chinese.
• Show maturity, attention to detail, and the ability to thrive in high-pressure situations.