174 Vulnerability Assessment jobs in Hong Kong

Join to apply for the Information Security Manager role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established organization within the financial services sector. With a large workforce and a solid market presence in Hong Kong, they are committed to maintaining high standards in technology and information security.

As a 'Manager, Information Security,' your main responsibilities will include:

• Overseeing the implementation and maintenance of the bank's information security systems.
• Conducting regular audits and risk assessments to ensure adherence to security protocols.
• Developing and implementing information security policies and procedures.
• Training and mentoring staff on information security best practices.
• Conducting cybersecurity assessments, including penetration testing and infrastructure/web application reviews.
• Managing and maintaining security systems such as firewalls, NAC, IPS, and SIEM.
• Leading and coordinating information security projects across departments.
• Managing incident responses and investigations into security breaches.
• Staying updated on the latest trends and developments in information security.
• Reporting on the status of information security to senior management.

A Successful 'Manager, Information Security' Should Have

• A degree in Computer Science, Information Security, or a related field.
• Proven experience in a managerial role within the field of information security.
• Familiarity with information security regulations and standards in the financial services industry.
• Exceptional leadership and communication skills.
• The ability to handle sensitive information with discretion and integrity.

• A competitive salary in the range of HKD 648,000 - HKD 792,000 per annum.
• Standard benefits package.
• The chance to work in a fast-paced, technology-driven environment within the financial services industry.
• Opportunities for career progression and professional development.
• A supportive and collaborative company culture.

We encourage all candidates who believe they can fulfill these responsibilities and possess the necessary qualifications and skills to apply. This is a fantastic opportunity to join a leading financial organization in Hong Kong and make a significant impact in the field of Information Security.

Contact: Alexis Wee

Quote job ref: JN-052025-6742617

• Mid-Senior level

• Full-time

• Information Technology and Engineering

• Financial Services, Accounting, and Banking

Join to apply for the Principal, Information Security role at AIA Hong Kong and Macau

Continue with Google Continue with Google

Join to apply for the Principal, Information Security role at AIA Hong Kong and Macau

Get AI-powered advice on this job and more exclusive features.

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on.

About The Role

This position plays a significant role in supporting management and Director of Information Security to promote and enhance the maturity of Information and cyber security of the organisation, as well as related business entities. This is to be done through a robust governance, Information security risk management and compliance programmes, coupled with well-planned communications and awareness-raising programmes tailored for different internal and external stakeholders. Therefore, while the individual taking up this role may not need to be an Information Security expert, he or she must be a quick learner who can grasp a wide range of IT/cyber security topics. The individual must also be a great communicator who can convey messages in English and Chinese involving highly technical IT/cyber risk concepts to all levels of staff (for instance, for awareness-raising campaigns) and to strategic stakeholders (such as regulators, auditors and corporate clients) in an efficient and professional manner.

(Daily operation) Regulatory and Information Security Compliance

• Develop and manage the Information security governance framework & risk portfolio, which follows the AIA’s security standards and guidelines.
• Be the subject matter expert to provide advice on regulatory requirements related to information security.
  
  
  

• Lead and coordinate internal efforts to support compliance assessment against regulatory requirements and IT audits conducted by internal/external auditors;
• Coordinate inputs and craft accurate and appropriate responses to enquiries coming from regulators and auditors;
  
  
  

• Organise regular and frequent activities and develop localised materials to raise the awareness of staff at all levels on various cybersecurity controls and practices, and other topical issues of Information Security.
• Maintain and curate the internal Information Hub for education and sharing.
  
  
  

• Lead ad-hoc cross-functional teams on special projects or strategic initiatives relating to Information Security
• Communicate with group offices, business partners, corporate clients, IT vendors and external parties, as and when needed
  
  
  

• Degree holder in Computer Science, Information Systems, Business, Finance, Risk Management, or a related discipline.
• Minimum of 10 years of relevant and solid experience in Information Security risk management and control, gained from international financial institutions, professional firms or financial regulators.
• Holder of relevant IT audit professional qualification and/or IT security certificates preferred (such as CISA, CISM, CISSP etc.).
• Solid experience in handling cybersecurity assessments and IT audit-related assignments and familiar with relevant control requirements from different regulatory bodies such as Hong Kong Insurance Authority, Mandatory Provident Fund Schemes Authority, Macau AMCM etc.
• Excellent communication (written and oral) skills, and demonstratable experience as a highly effective facilitator of cross functional teams.
• Excellent leadership and management skills and proven ability to build, manage and foster a team-oriented environment.
• Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative to work creatively and analytically when solving problems.
• You are required to obtain the relevant licence(s) if your job involves regulated activities.
  
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Insurance

Referrals increase your chances of interviewing at AIA Hong Kong and Macau by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

Eastern District, Hong Kong SAR 1 hour ago

Shenzhen, Guangdong, China CN¥45,000 - CN¥5,000 2 years ago

Shenzhen, Guangdong, China CN 5,000 - CN 0,000 1 year ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Information Security Manager role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established organization within the financial services sector. With a large workforce and a solid market presence in Hong Kong, they are committed to maintaining high standards in technology and information security.

As a 'Manager, Information Security,' your main responsibilities will include:

• Overseeing the implementation and maintenance of the bank's information security systems.
• Conducting regular audits and risk assessments to ensure adherence to security protocols.
• Developing and implementing information security policies and procedures.
• Training and mentoring staff on information security best practices.
• Conducting cybersecurity assessments, including penetration testing and infrastructure/web application reviews.
• Managing and maintaining security systems such as firewalls, NAC, IPS, and SIEM.
• Leading and coordinating information security projects across departments.
• Managing incident responses and investigations into security breaches.
• Staying updated on the latest trends and developments in information security.
• Reporting on the status of information security to senior management.

A Successful 'Manager, Information Security' Should Have

• A degree in Computer Science, Information Security, or a related field.
• Proven experience in a managerial role within the field of information security.
• Familiarity with information security regulations and standards in the financial services industry.
• Exceptional leadership and communication skills.
• The ability to handle sensitive information with discretion and integrity.

• A competitive salary in the range of HKD 648,000 - HKD 792,000 per annum.
• Standard benefits package.
• The chance to work in a fast-paced, technology-driven environment within the financial services industry.
• Opportunities for career progression and professional development.
• A supportive and collaborative company culture.

We encourage all candidates who believe they can fulfill these responsibilities and possess the necessary qualifications and skills to apply. This is a fantastic opportunity to join a leading financial organization in Hong Kong and make a significant impact in the field of Information Security.

Contact: Alexis Wee

Quote job ref: JN-052025-6742617

• Mid-Senior level

• Full-time

• Information Technology and Engineering

• Financial Services, Accounting, and Banking

Direct message the job poster from I-TRACING

I-TRACING is looking for a new talent to join our growing team in Hong Kong!

Reporting to the APAC SOC Manager, you will:

Job Duties & Responsibilities:

• Monitor the SIEM for suspicious events and anomalous activity
• Provide first level response for security events (up to L3)
• Handle event triaging by criticality
• Conduct proactive threat hunting
• Validate suspicious events and incidents by using open-source and proprietary intelligence sources
• Incident management, response, and reporting
• Participate to continuous improvement, alert design and workflow management
• Provide information to the client regarding intrusion events, security incidents, warning information and other threat indications

The ideal candidate has:

• Engineering/IT/Cybersecurity degree
• Good knowledge of networks and systems protocols
• Strong grasp on IT Security methodologies and approaches
• Understanding and experience with incident response methodologies
• Working knowledge of security issues, vulnerabilities, exploits, regulatory and legal changes, and security standards that may impact information security
• Ability to display superb listening, verbal, and written communication skills in English

Don’t hesitate and join us!

Why should you join us?

At I-TRACING we are passionate about cybersecurity, but not only!

Choosing I-TRACING means joining a company:

• Who makes the well-being of its employees a priority, recognized by the label “Happy At Work”
• Who implements local support for each employee with a technical manager, responsible for a team on a human scale. This guarantees the monitoring of your activity and the development of your career (personalized training plan, certifications, career development, internal mobility).
• Which gives you opportunities around the world (France, Montreal, Hong Kong, Kuala Lumpur, Shanghai)
• Whose technical expertise, commitment and sense of customer service are recognized in the market
• Strong values of cohesion, curiosity, initiative, solidarity and kindness

About I-TRACING

I-TRACING, the leading French pure-player of cybersecurity services, supports more than 430 customers worldwide in controlling their cyber risks from the anticipation of threats to the ability to react to attacks and limit their consequences.

I-TRACING achieved a turnover of 90 million euros in 2022 and has 550 employees worldwide.

Through a full range of cybersecurity services ranging from consulting to integration, to managed services, SOC and CERT, I-TRACING brings together all the technical expertise and engineering experience to support its customers on all their security issues.

Our CyberSOC represents more than 50 major account customers and large companies for the most part in 24/7, in collaboration with our subsidiaries around the world as part of our "Follow-the-sun" offer.

Our philosophy: open environments for a better rise in skills, varied tools and technologies, and internal knowledge sharing to help each other.

We are also accompanied by our team of security toolmakers and our SIEM engineers for continuous and tailor-made improvement.

To learn more about us and our commitments, please visit our website at

• Seniority level Associate

• Employment type Full-time

• Job function Information Technology
• Industries Computer and Network Security

Referrals increase your chances of interviewing at I-TRACING by 2x

Eastern District, Hong Kong SAR 2 weeks ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Principal, Information Security role at AIA Hong Kong and Macau

Continue with Google Continue with Google

Join to apply for the Principal, Information Security role at AIA Hong Kong and Macau

Get AI-powered advice on this job and more exclusive features.

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.
To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.
If you believe in developing a better tomorrow, read on.
About The Role
This position plays a significant role in supporting management and Director of Information Security to promote and enhance the maturity of Information and cyber security of the organisation, as well as related business entities. This is to be done through a robust governance, Information security risk management and compliance programmes, coupled with well-planned communications and awareness-raising programmes tailored for different internal and external stakeholders. Therefore, while the individual taking up this role may not need to be an Information Security expert, he or she must be a quick learner who can grasp a wide range of IT/cyber security topics. The individual must also be a great communicator who can convey messages in English and Chinese involving highly technical IT/cyber risk concepts to all levels of staff (for instance, for awareness-raising campaigns) and to strategic stakeholders (such as regulators, auditors and corporate clients) in an efficient and professional manner.
(Daily operation) Regulatory and Information Security Compliance

• Develop and manage the Information security governance framework & risk portfolio, which follows the AIA’s security standards and guidelines.
• Be the subject matter expert to provide advice on regulatory requirements related to information security.
  

• Lead and coordinate internal efforts to support compliance assessment against regulatory requirements and IT audits conducted by internal/external auditors;
• Coordinate inputs and craft accurate and appropriate responses to enquiries coming from regulators and auditors;
  

• Organise regular and frequent activities and develop localised materials to raise the awareness of staff at all levels on various cybersecurity controls and practices, and other topical issues of Information Security.
• Maintain and curate the internal Information Hub for education and sharing.
  

• Lead ad-hoc cross-functional teams on special projects or strategic initiatives relating to Information Security
• Communicate with group offices, business partners, corporate clients, IT vendors and external parties, as and when needed
  

• Degree holder in Computer Science, Information Systems, Business, Finance, Risk Management, or a related discipline.
• Minimum of 10 years of relevant and solid experience in Information Security risk management and control, gained from international financial institutions, professional firms or financial regulators.
• Holder of relevant IT audit professional qualification and/or IT security certificates preferred (such as CISA, CISM, CISSP etc.).
• Solid experience in handling cybersecurity assessments and IT audit-related assignments and familiar with relevant control requirements from different regulatory bodies such as Hong Kong Insurance Authority, Mandatory Provident Fund Schemes Authority, Macau AMCM etc.
• Excellent communication (written and oral) skills, and demonstratable experience as a highly effective facilitator of cross functional teams.
• Excellent leadership and management skills and proven ability to build, manage and foster a team-oriented environment.
• Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative to work creatively and analytically when solving problems.
• You are required to obtain the relevant licence(s) if your job involves regulated activities.
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Insurance

Referrals increase your chances of interviewing at AIA Hong Kong and Macau by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

Eastern District, Hong Kong SAR 1 hour ago

Shenzhen, Guangdong, China CN¥45,000 - CN¥5,000 2 years ago

Shenzhen, Guangdong, China CN 5,000 - CN 0,000 1 year ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

5 days ago Be among the first 25 applicants

Join our fast-paced team as a Senior Information Security Specialist, contributing to global security operations across various entities at the group level. In this role, you'll utilize advanced tools for threat detection, incident response, and proactive security measures, ensuring robust protection against emerging cyber threats.

Responsibilities

• Utilize cybersecurity tools like SIEM, EDR, and SOAR for effective threat management.
• Stay updated on emerging cyber threats, vulnerabilities, and mitigation techniques.
• Lead incident response, management, and investigations.
• Conduct purple team exercises and threat hunting to identify risks.
• Analyze threat actors and their tactics through detailed research.
• Perform malware analysis to prevent future attacks.
• Oversee actionable Threat Intelligence (TI) collection and execution.
• Propose and implement security initiatives to combat emerging threats.
• Develop and update playbooks and documentation for security processes.
• Provide expertise in creating and maintaining security frameworks and policies.
• Evaluate new software or products for security projects.
• Promote security awareness and conduct role-based training.
• Communicate cybersecurity risks effectively to stakeholders.

Requirements

• Must have 5-8 years of experience in Information Security with hands-on expertise in Security Engineering, Operations, Cyber Threat Intelligence, Digital Forensics, Incident Response, Endpoint, or Cloud Security.
• Must be skilled with security event tools and incident response within a blue team context.
• Nice to have: Experience in Red Teaming and Penetration Testing (PenTest), as well as in-house security operations.
• Proficient with SIEM, EDR, SOAR, Vulnerability Management, and Open-Source Tools.
• Familiar with cloud environments such as AWS, Azure, and GCP.
• Knowledge of malware reverse-engineering techniques.
• Proficient in one coding language (Python, Java, etc.).
• Strong understanding of the MITRE ATT&CK framework.
• Professional English proficiency; Chinese is a plus.

About OSL

As a subsidiary of the publicly listed OSL Group (HKEX: 863.HK), OSL Digital Securities is Hong Kong’s first and most established SFC-licensed and insured digital asset platform. Operating since 2018, the platform provides institutional-grade digital asset services to corporations, financial institutions, professional and retail investors.

OSL Core Values

Be customer-centered

Be a high-performing team

Be relentlessly innovative

Be an owner

Be geared toward action

Be compliant

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Finance, Accounting/Auditing, and Information Technology
• Industries Securities and Commodity Exchanges and Financial Services

Referrals increase your chances of interviewing at OSL by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Insurance - Information Security Manager role at Michael Page

1 day ago Be among the first 25 applicants

Join to apply for the Insurance - Information Security Manager role at Michael Page

About Our Client

The hiring company is a large organization within the insurance industry, known for its strong market presence and commitment to innovation. The company offers a collaborative environment and focuses on delivering high-quality services to its clients in Hong Kong.

• Strategic Impact
• Professional Growth
  
  
  

• Deliver expert guidance on security matters related to solution design, business initiatives, and general security inquiries.
• Create and update documentation for security policies and procedures, ensuring consistency with corporate security frameworks and standards.
• Perform risk evaluations on technology implementations and security controls to uncover vulnerabilities and propose mitigation strategies. Maintain a risk log and communicate potential impacts to relevant stakeholders.
• Lead and manage end-to-end security assessments and ISO compliance audits.
• Assist with external audit and regulatory compliance activities, and formulate action plans to address any identified gaps.
• Supervise the handling of security incidents, supporting frontline teams to ensure prompt identification, response, and resolution.
• Regularly assess and refine security policies and operational workflows to strengthen control measures.
• Compile and present security reports to the Chief Security Officer and senior leadership.
  
  
  

• Minimum of 5 years' experience in cybersecurity, risk management, or a related discipline.
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a similar field.
• Proven success in driving and executing effective security programs and initiatives.
• Strong analytical skills with the ability to navigate complex business environments and work independently.
• Exceptional communication and presentation abilities, capable of translating technical security concepts into business-friendly language.
• Experience in a global or multinational corporate setting is preferred.
• Proficiency in English, both spoken and written.
• Possession of relevant certifications such as CISSP, CISA, OSCP, CEH, ISO 27001, NIST, or equivalent is advantageous.
  
  
  

• Competitive annual salary in the range of HKD 660,000 to HKD 816,000.
• Opportunity to work in a large organization within the insurance industry with a focus on innovation.
• Collaborative company culture that values professional growth and development.
  
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology and Engineering
• Industries Insurance, Financial Services, and Capital Markets

Referrals increase your chances of interviewing at Michael Page by 2x

Get notified about new Information Security Manager jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 1 week ago

Kwun Tong District, Hong Kong SAR 2 months ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Kwai Tsing District, Hong Kong SAR 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Lead, Information Security Assurance role at AXA Hong Kong and Macau

2 days ago Be among the first 25 applicants

Join to apply for the Lead, Information Security Assurance role at AXA Hong Kong and Macau

• Provide professional security advisory and recommendations on solutions architecture, business project requirements, and security related enquiry.
• Develop and maintain security policies and process documentation. Ensure alignment with Corporate Security standards and controls.
• Conduct security risk assessment on technology solutions and/or technical controls to identify potential security threats and vulnerabilities and develop strategies to mitigate risks. Maintain security risk register, and communicate identified risks and impacts to stakeholders.
• Conduct security assessment and ISO audit and managing the exercise from end-to-end.
• Support external security audits and compliance assessments, devising mitigation measures to effectively address findings.
• Oversee security incident management and support the first line to ensure timely detection, response, and resolution of security incidents.
• Periodically review and update security policies and operational processes for security control enhancement.
• Prepare management reports for the Chief Security Officer and the Management team.
  
  

• Provide professional security advisory and recommendations on solutions architecture, business project requirements, and security related enquiry.
• Develop and maintain security policies and process documentation. Ensure alignment with Corporate Security standards and controls.
• Conduct security risk assessment on technology solutions and/or technical controls to identify potential security threats and vulnerabilities and develop strategies to mitigate risks. Maintain security risk register, and communicate identified risks and impacts to stakeholders.
• Conduct security assessment and ISO audit and managing the exercise from end-to-end.
• Support external security audits and compliance assessments, devising mitigation measures to effectively address findings.
• Oversee security incident management and support the first line to ensure timely detection, response, and resolution of security incidents.
• Periodically review and update security policies and operational processes for security control enhancement.
• Prepare management reports for the Chief Security Officer and the Management team.
  
  

• 5+ years of experience in information security, security risk, or a related area.
• Degree in Information Security, Computer Science, Information Management Systems, or a related field.
• Demonstrated track record in leading and implementing successful information security initiatives and programs.
• Ability to apply analytical rigor to understand complex business scenarios, with strong problem-solving skills and the ability to work independently.
• Excellent presentation and communication skills, with the ability to convey complex security concepts in clear, business-intelligible language.
• Experience working in a multinational organization is advantageous.
• Fluent in English (verbal and written).
• Relevant certifications (e.g., CISSP, CISA, OSCP, CEH, ISO 27001, NIST, or equivalent) are a plus.
  
  

• Seniority level Not Applicable

• Employment type Full-time

• Job function Information Technology
• Industries Insurance

Referrals increase your chances of interviewing at AXA Hong Kong and Macau by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 1 day ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Sha Tin District, Hong Kong SAR 1 day ago

Sha Tin District, Hong Kong SAR 2 days ago

Shenzhen, Guangdong, China CN¥45,000.00-CN¥65,000.00 2 years ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Head of Information Security role at Michael Page .

1 day ago Be among the first 25 applicants.

Our client is a well-established insurance firm, recognized as a large organization in the industry. Operating in a competitive and fast-paced environment, they are heavily focused on technological innovation and security. Their commitment to maintaining the highest standards of information security is one of their top priorities.

As a Head of Information Security , your main responsibilities will include:

1. Defining and implementing the company's information security strategy and roadmap.
2. Developing and maintaining the ISMS based on ISO 27001.
3. Conducting regular information security risk assessments.
4. Ensuring compliance with regulatory requirements related to information security.
5. Managing the information security incident response process.
6. Providing information security training and awareness to all staff.
7. Working closely with the IT department to ensure the security of the IT infrastructure.
8. Reporting to management on information security status and initiatives.

A Successful 'Head Of Information Security' Should Have

• A degree in Information Technology, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, or CISA.
• Proven experience in developing and managing ISMS based on ISO 27001.
• Strong knowledge of information security principles and practices.
• Ability to conduct information security risk assessments and audits.
• Experience in managing information security incidents.
• Strong communication and leadership skills.

• A competitive salary range of around HKD 1,080,000 to HKD 1,200,000.
• Standard benefits package including health insurance and retirement plans.
• Opportunity to work in a technologically advanced environment.
• A supportive and collaborative work culture.

We are looking for an ambitious and dedicated professional to join our team in this critical role. If you have the necessary skills and experience, we would love to hear from you. Apply today to secure your future in a highly rewarding career in the insurance industry.

Contact: Alexis Wee

Quote job ref: JN-052025-6742521

• Director

• Full-time

• Information Technology and Engineering

• Insurance, Financial Services, and Capital Markets