18 Vulnerability Management jobs in Hong Kong

2 days ago Be among the first 25 applicants

Direct message the job poster from Kerry Consulting

We are seeking a strategic and hands-on Vulnerability Management Lead to lead our client's vulnerability management program. This role is responsible for designing, implementing, and continuously improving our vulnerability identification, assessment, and remediation processes to reduce risk across our enterprise environment.

You will work closely with stakeholders across IT, Security Operations, Governance, Risk & Compliance (GRC), and Application Development to ensure timely and effective remediation of vulnerabilities, while also establishing metrics, governance frameworks, and reporting mechanisms to track risk reduction and program effectiveness.

We would be open to relocating candidates to Hong Kong for this role.

Responsibilities:

• Lead the end-to-end vulnerability management lifecycle, including identification, prioritization, remediation, and reporting of vulnerabilities across infrastructure, applications, cloud, and endpoint environments.
• Define and implement vulnerability management strategy and roadmap, aligning with overall cybersecurity goals and risk posture.
• Develop and maintain governance frameworks, including policies, standards, and procedures related to vulnerability scanning, assessment, and remediation.
• Coordinate vulnerability scanning and threat intelligence tools (e.g., Qualys, Tenable, Rapid7, etc.) to ensure accurate and timely detection.
• Establish strong collaboration with Infrastructure, DevOps, Cloud, and Application Security teams to drive timely and risk-based remediation of vulnerabilities.
• Report on vulnerability management metrics, trends, and risk indicators to senior leadership and stakeholders, including compliance with internal SLAs and regulatory obligations.
• Stay current with emerging threats, vulnerabilities, and industry best practices to evolve the program proactively.
• Lead or participate in vulnerability-related incident response efforts, root cause analysis, and lessons learned.
• Oversee vulnerability assessments and penetration testing activities, whether internally executed or via third-party vendors.
• Engage with auditors and regulators as needed to demonstrate controls and effectiveness of the vulnerability management program.

Requirements:

• Bachelor's or Master's degree in Cybersecurity, Computer Science, Information Systems, or related field.
• 10+ years of experience in information security, with at least 5 years in vulnerability management with recent leadership experience.
• Proven experience building and scaling vulnerability management programs in a complex enterprise.
• Strong understanding of risk-based vulnerability prioritization, CVSS scoring, threat intelligence integration, and exploitability context.
• Hands-on experience with common tools: Qualys, Tenable, Rapid7, Nexpose, Burp Suite, etc.
• Familiarity with frameworks and standards such as NIST, CIS Controls, ISO 27001, and relevant regulatory requirements.

To apply:

If you're interested to apply or find out more, please share across your CV or reach out to Chen Yi at for a discussion. Due to anticipated high volume of applications, we regret to inform that only shortlisted candidates will be notified.

Reg: R1876389

Lic: 16S8060

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Information Services

Referrals increase your chances of interviewing at Kerry Consulting by 2x

Hong Kong SAR HK$32,000.00-HK$6,000.00 2 weeks ago

Hong Kong SAR HK 17,925.00-HK 29,523.00 2 months ago

Kwai Tsing District, Hong Kong SAR 2 hours ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

2 days ago Be among the first 25 applicants

We're seeking a Regional Vulnerability Management Project Coordinator to lead the APAC vulnerability management initiatives. In this role, you'll transform raw security data into actionable insights while ensuring flawless execution of global cybersecurity standards across local implementations.

Main Responsibilities

Program Coordination

• Support the regional execution of the global vulnerability and compliance management program
• Establish and maintain project governance frameworks for IT Operations departments
• Oversee end-to-end vulnerability operations (scoping, scanning, reporting, stakeholder coordination)

Stakeholder & Remediation Management

• Partner with local teams to optimize organizational processes and remediation workflows
• Govern Business IT departments' vulnerability remediation activities
• Assess and mitigate security risks from vulnerabilities and compliance gaps
• Deliver regular updates to global/regional stakeholders, including C-level executives
• Provide field insights to the Programme Lead to shape APAC strategy

Training & Enablement

• Develop training materials and conduct awareness sessions on VM tools/reports
• Drive adoption of vulnerability management procedures across stakeholders
• Translate technical findings into actionable business recommendations

Qualifications & Experience

• 5-7 years of hands-on vulnerability management experience, including comprehensive understanding of vulnerability assessment lifecycle (scanning, analysis, prioritization, remediation tracking) and interpretation of security findings across platforms.
• Proficiency in data visualization tools (PowerBI, Tableau) for security reporting
• Demonstrated success managing complex, cross-functional security initiatives
• Exceptional communication skills with ability to present to technical and executive audiences
• Strong attention to detail with ability to maintain accuracy in fast-paced environments
• Knowledge of Qualys, Nexpose, or similar vulnerability assessment platforms is good to have.
• Financial services or highly regulated industry experience is preferred but not mandatory.
• Relevant certifications are a plus (CISSP, CISM, CRISC)

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries IT Services and IT Consulting, Financial Services, and Banking

Referrals increase your chances of interviewing at We+ Asia by 2x

Central & Western District, Hong Kong SAR 3 weeks ago

Wan Chai District, Hong Kong SAR 3 weeks ago

Central & Western District, Hong Kong SAR 9 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Senior Technical Manager, Vulnerability Management role at The Hong Kong Jockey Club

1 day ago Be among the first 25 applicants

Join to apply for the Senior Technical Manager, Vulnerability Management role at The Hong Kong Jockey Club

Get AI-powered advice on this job and more exclusive features.

• Managing the VM Team in the aspects of continuous Infrastructure Vulnerability Scanning & Configuration Compliance (for Platforms, Database, Networks and Voice), Penetration Testing and Scanning for Application & Infrastructure Security and Development, Security & Operations (DevSecOps), through hiring, training, coaching, objective setting and performance management of team members
• Managing the external service providers and product vendors, ensuring the appropriate service level performance is established, monitored and met
• Provide oversight on the handling of vulnerabilities identified, ensuring appropriate priority is given to effectively remediate the vulnerabilities within the agreed timelines
• Ensure the relevant and adequate coverage of vulnerability intelligence, to assess the vulnerabilities in the Club’s context and the external threat landscape
• Ensure the vulnerability management services provided for applications (incl. DevSecOps) and infrastructure are operating effectively
• Continuously identify control and coverage gaps, and improvement initiatives to uplift the Vulnerability Management service
• Develop and present the VM metrics, reports and service highlights to the business and IT stakeholders
• Act as the lead during actively exploited or critical severity vulnerabilities being identified, lead the development of the vulnerability response plan and oversee the implementation of it
  
  
  

• Managing the VM Team in the aspects of continuous Infrastructure Vulnerability Scanning & Configuration Compliance (for Platforms, Database, Networks and Voice), Penetration Testing and Scanning for Application & Infrastructure Security and Development, Security & Operations (DevSecOps), through hiring, training, coaching, objective setting and performance management of team members
• Managing the external service providers and product vendors, ensuring the appropriate service level performance is established, monitored and met
• Provide oversight on the handling of vulnerabilities identified, ensuring appropriate priority is given to effectively remediate the vulnerabilities within the agreed timelines
• Ensure the relevant and adequate coverage of vulnerability intelligence, to assess the vulnerabilities in the Club’s context and the external threat landscape
• Ensure the vulnerability management services provided for applications (incl. DevSecOps) and infrastructure are operating effectively
• Continuously identify control and coverage gaps, and improvement initiatives to uplift the Vulnerability Management service
• Develop and present the VM metrics, reports and service highlights to the business and IT stakeholders
• Act as the lead during actively exploited or critical severity vulnerabilities being identified, lead the development of the vulnerability response plan and oversee the implementation of it
  
  
  

• Degree in Computer Science, Information Security, and/or related discipline
• 12 years or more of working experience in the related field, with at least 5 years in the Vulnerability Management domain across various disciplines, including leading and managing teams
• Strong experience covering Vulnerability Management services and required operating procedures
• High degree of logical and analytical thinking skills, particularly on the different categories of vulnerabilities and how they work
• Strong service and customer-focused approach to the service being delivered
• Excellent interpersonal, collaborative and communication skills
• Well-disciplined with exemplary professional competence and integrity
• Experience with the following services and technologies – Vulnerability Assessment, DevSecOps, Pen-Testing, Secure Code Review, Attack Surface Management, Red Team
• Industry-recognised certification in one or more of the following – CISSP, CISM, etc.
  
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Non-profit Organizations

Referrals increase your chances of interviewing at The Hong Kong Jockey Club by 2x

Get notified about new Senior Technical Manager jobs in Sha Tin District, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 1 day ago

Sha Tin District, Hong Kong SAR 17 hours ago

Tsim Sha Tsui, Hong Kong SAR 3 months ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Shek Pik, Hong Kong SAR HK$40,000.00-HK$70,000.00 1 month ago

Islands District, Hong Kong SAR 8 months ago

Kwai Tsing District, Hong Kong SAR 3 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

2 days ago Be among the first 25 applicants

We're seeking a Regional Vulnerability Management Project Coordinator to lead the APAC vulnerability management initiatives. In this role, you'll transform raw security data into actionable insights while ensuring flawless execution of global cybersecurity standards across local implementations.

Main Responsibilities

Program Coordination

• Support the regional execution of the global vulnerability and compliance management program
• Establish and maintain project governance frameworks for IT Operations departments
• Oversee end-to-end vulnerability operations (scoping, scanning, reporting, stakeholder coordination)

Stakeholder & Remediation Management

• Partner with local teams to optimize organizational processes and remediation workflows
• Govern Business IT departments' vulnerability remediation activities
• Assess and mitigate security risks from vulnerabilities and compliance gaps
• Deliver regular updates to global/regional stakeholders, including C-level executives
• Provide field insights to the Programme Lead to shape APAC strategy

Training & Enablement

• Develop training materials and conduct awareness sessions on VM tools/reports
• Drive adoption of vulnerability management procedures across stakeholders
• Translate technical findings into actionable business recommendations

Qualifications & Experience

• 5-7 years of hands-on vulnerability management experience, including comprehensive understanding of vulnerability assessment lifecycle (scanning, analysis, prioritization, remediation tracking) and interpretation of security findings across platforms.
• Proficiency in data visualization tools (PowerBI, Tableau) for security reporting
• Demonstrated success managing complex, cross-functional security initiatives
• Exceptional communication skills with ability to present to technical and executive audiences
• Strong attention to detail with ability to maintain accuracy in fast-paced environments
• Knowledge of Qualys, Nexpose, or similar vulnerability assessment platforms is good to have.
• Financial services or highly regulated industry experience is preferred but not mandatory.
• Relevant certifications are a plus (CISSP, CISM, CRISC)

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries IT Services and IT Consulting, Financial Services, and Banking

Referrals increase your chances of interviewing at We+ Asia by 2x

Central & Western District, Hong Kong SAR 3 weeks ago

Wan Chai District, Hong Kong SAR 3 weeks ago

Central & Western District, Hong Kong SAR 9 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Senior Technical Manager, Vulnerability Management role at The Hong Kong Jockey Club

1 day ago Be among the first 25 applicants

Join to apply for the Senior Technical Manager, Vulnerability Management role at The Hong Kong Jockey Club

Get AI-powered advice on this job and more exclusive features.

• Managing the VM Team in the aspects of continuous Infrastructure Vulnerability Scanning & Configuration Compliance (for Platforms, Database, Networks and Voice), Penetration Testing and Scanning for Application & Infrastructure Security and Development, Security & Operations (DevSecOps), through hiring, training, coaching, objective setting and performance management of team members
• Managing the external service providers and product vendors, ensuring the appropriate service level performance is established, monitored and met
• Provide oversight on the handling of vulnerabilities identified, ensuring appropriate priority is given to effectively remediate the vulnerabilities within the agreed timelines
• Ensure the relevant and adequate coverage of vulnerability intelligence, to assess the vulnerabilities in the Club’s context and the external threat landscape
• Ensure the vulnerability management services provided for applications (incl. DevSecOps) and infrastructure are operating effectively
• Continuously identify control and coverage gaps, and improvement initiatives to uplift the Vulnerability Management service
• Develop and present the VM metrics, reports and service highlights to the business and IT stakeholders
• Act as the lead during actively exploited or critical severity vulnerabilities being identified, lead the development of the vulnerability response plan and oversee the implementation of it
  

• Managing the VM Team in the aspects of continuous Infrastructure Vulnerability Scanning & Configuration Compliance (for Platforms, Database, Networks and Voice), Penetration Testing and Scanning for Application & Infrastructure Security and Development, Security & Operations (DevSecOps), through hiring, training, coaching, objective setting and performance management of team members
• Managing the external service providers and product vendors, ensuring the appropriate service level performance is established, monitored and met
• Provide oversight on the handling of vulnerabilities identified, ensuring appropriate priority is given to effectively remediate the vulnerabilities within the agreed timelines
• Ensure the relevant and adequate coverage of vulnerability intelligence, to assess the vulnerabilities in the Club’s context and the external threat landscape
• Ensure the vulnerability management services provided for applications (incl. DevSecOps) and infrastructure are operating effectively
• Continuously identify control and coverage gaps, and improvement initiatives to uplift the Vulnerability Management service
• Develop and present the VM metrics, reports and service highlights to the business and IT stakeholders
• Act as the lead during actively exploited or critical severity vulnerabilities being identified, lead the development of the vulnerability response plan and oversee the implementation of it
  

• Degree in Computer Science, Information Security, and/or related discipline
• 12 years or more of working experience in the related field, with at least 5 years in the Vulnerability Management domain across various disciplines, including leading and managing teams
• Strong experience covering Vulnerability Management services and required operating procedures
• High degree of logical and analytical thinking skills, particularly on the different categories of vulnerabilities and how they work
• Strong service and customer-focused approach to the service being delivered
• Excellent interpersonal, collaborative and communication skills
• Well-disciplined with exemplary professional competence and integrity
• Experience with the following services and technologies – Vulnerability Assessment, DevSecOps, Pen-Testing, Secure Code Review, Attack Surface Management, Red Team
• Industry-recognised certification in one or more of the following – CISSP, CISM, etc.
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Non-profit Organizations

Referrals increase your chances of interviewing at The Hong Kong Jockey Club by 2x

Get notified about new Senior Technical Manager jobs in Sha Tin District, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 1 day ago

Sha Tin District, Hong Kong SAR 17 hours ago

Tsim Sha Tsui, Hong Kong SAR 3 months ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Shek Pik, Hong Kong SAR HK$40,000.00-HK$70,000.00 1 month ago

Islands District, Hong Kong SAR 8 months ago

Kwai Tsing District, Hong Kong SAR 3 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Are you a master of craft?Do you thrive in a team that succeeds together, demonstrating integrity and respect while acting responsibly? Do you embrace a growth mindset? We invite you to become a fan of the exceptional.

Mandarin Oriental is the award-winning owner and operator of some of the most luxurious hotels, resorts and residences located in prime destinations around the world, with a strong development pipeline. Increasingly recognized for creating some of the world’s most sought-after properties, the Group provides legendary service inspired by Asian heritage whilst representing the very cutting-edge of luxury experiences.

Position Title: Security Analyst

Position Objective:

The Security Analyst will support Mandarin Oriental’s global cybersecurity operations by monitoring, analyzing, and maintaining the security posture across on-premises, cloud, and mobile environments. This role will work closely with security engineers, architects, and IT teams to detect, investigate, and remediate threats, ensuring compliance and resilience across the Group’s digital infrastructure.

Key Responsibilities:

• Monitor up-time, reliability, stability, and policy compliance of security systems; coordinate with business units to remediate gaps (15%)
• Detect and respond to network anomalies and malware events across multiple security platforms (20%)
• Manage and monitor network, host, and cloud Data Loss Prevention (DLP) solutions (15%)
• Investigate and manage SIEM alerts (10%)
• Monitor email/spam filtering systems and remediate malicious events (10%)
• Oversee application whitelisting and file integrity monitoring (10%)
• Ensure cybersecurity configuration compliance via vulnerability management tools (10%)
• Manage remediation of vulnerabilities and penetration testing findings (10%)
• Perform additional duties as assigned by the Manager, Security Architecture

Qualifications:

• Bachelor’s degree in Information Systems, Computer Science, or equivalent experience
• 2–4 years of experience in IT or cybersecurity roles
• Strong knowledge of SIEM, IDS/IPS, malware protection, DLP, IAM, vulnerability scanning, and incident response

Our commitment to you

• Learning & Development. Your success is our success. We craft unique learning and development programmes for various stages in your career so that you grow, continuously.
• MOstay. When you work as hard as our colleagues do, it’s important to take time off. As a member of the #MOfamily, you can stay with us wherever you go in the world. The MOstay programme offers complimentary nights and additionally attractive rates on rooms for you and your loved ones.
• Heath & Colleague Wellness. Finding the right work-life balance is important. Your wellbeing matters to us. A variety of health benefits and wellness programmes are offered to all our colleagues, globally.
• Retirement Plans. When you show commitment to us, we reciprocate. We offer different retirement plans depending on the length of your service and your role.

We’re Fans. Are you?

Are you a master of craft?Do you thrive in a team that succeeds together, demonstrating integrity and respect while acting responsibly? Do you embrace a growth mindset? We invite you to become a fan of the exceptional.

Mandarin Oriental is the award-winning owner and operator of some of the most luxurious hotels, resorts and residences located in prime destinations around the world, with a strong development pipeline. Increasingly recognized for creating some of the world’s most sought-after properties, the Group provides legendary service inspired by Asian heritage whilst representing the very cutting-edge of luxury experiences.

Position Title: Security Analyst

Position Objective:

The Security Analyst will support Mandarin Oriental’s global cybersecurity operations by monitoring, analyzing, and maintaining the security posture across on-premises, cloud, and mobile environments. This role will work closely with security engineers, architects, and IT teams to detect, investigate, and remediate threats, ensuring compliance and resilience across the Group’s digital infrastructure.

Key Responsibilities:

• Monitor up-time, reliability, stability, and policy compliance of security systems; coordinate with business units to remediate gaps (15%)
• Detect and respond to network anomalies and malware events across multiple security platforms (20%)
• Manage and monitor network, host, and cloud Data Loss Prevention (DLP) solutions (15%)
• Investigate and manage SIEM alerts (10%)
• Monitor email/spam filtering systems and remediate malicious events (10%)
• Oversee application whitelisting and file integrity monitoring (10%)
• Ensure cybersecurity configuration compliance via vulnerability management tools (10%)
• Manage remediation of vulnerabilities and penetration testing findings (10%)
• Perform additional duties as assigned by the Manager, Security Architecture

Qualifications:

• Bachelor’s degree in Information Systems, Computer Science, or equivalent experience
• 2–4 years of experience in IT or cybersecurity roles
• Strong knowledge of SIEM, IDS/IPS, malware protection, DLP, IAM, vulnerability scanning, and incident response

Our commitment to you

• Learning & Development. Your success is our success. We craft unique learning and development programmes for various stages in your career so that you grow, continuously.
• MOstay. When you work as hard as our colleagues do, it’s important to take time off. As a member of the #MOfamily, you can stay with us wherever you go in the world. The MOstay programme offers complimentary nights and additionally attractive rates on rooms for you and your loved ones.
• Heath & Colleague Wellness. Finding the right work-life balance is important. Your wellbeing matters to us. A variety of health benefits and wellness programmes are offered to all our colleagues, globally.
• Retirement Plans. When you show commitment to us, we reciprocate. We offer different retirement plans depending on the length of your service and your role.

We’re Fans. Are you?

1 day ago Be among the first 25 applicants

Direct message the job poster from REC GROUP

Important: Only Candidates with Hong Kong Credentials Will Be Considered

We are ONLY hiring individuals who:

Are based in Hong Kong, OR

Hold valid Hong Kong identification / visa / work permit.

Applicants without Hong Kong credentials will not be considered.

Please ensure your eligibility before applying. Thank you!

Join Our Remote Revolution | Multiple Open Roles Available

Forget boring jobs.

Forget rigid offices.

If you’re sharp, hungry, and ready to build your future — we want you.

Who We Are:

We are a growing, global, remote-first team working across finance, business, and professional services.

We move fast, we dream big, and we believe great people make great companies — not the other way around.

What We’re Offering:

• 100% remote — work from your city, your couch, your favorite coffee shop
• Flexible hours — we care about results, not clock-watching
• Growth opportunities — mentorship, upskilling, real career tracks

Who You Are:

• Hong Kong-based OR have valid Hong Kong documentation
• A quick learner who loves solving problems
• Independent, reliable, and not afraid to make things happen
• Comfortable with tools like Slack, Zoom, Google Workspace, MS Office
• English fluency preferred — other languages are a plus
• Finance, Business, Admin, Client Services backgrounds? Perfect — but not required.

We’re currently recruiting across multiple positions.

You bring the drive — we’ll bring the opportunity.

Let’s make big things happen together.

• Entry level

• Full-time

• Information Technology

• Staffing and Recruiting

1 day ago Be among the first 25 applicants

Direct message the job poster from REC GROUP

Important: Only Candidates with Hong Kong Credentials Will Be Considered

We are ONLY hiring individuals who:

Are based in Hong Kong, OR

Hold valid Hong Kong identification / visa / work permit.

Applicants without Hong Kong credentials will not be considered.

Please ensure your eligibility before applying. Thank you!

Join Our Remote Revolution | Multiple Open Roles Available

Forget boring jobs.

Forget rigid offices.

If you’re sharp, hungry, and ready to build your future — we want you.

Who We Are:

We are a growing, global, remote-first team working across finance, business, and professional services.

We move fast, we dream big, and we believe great people make great companies — not the other way around.

What We’re Offering:

• 100% remote — work from your city, your couch, your favorite coffee shop
• Flexible hours — we care about results, not clock-watching
• Growth opportunities — mentorship, upskilling, real career tracks

Who You Are:

• Hong Kong-based OR have valid Hong Kong documentation
• A quick learner who loves solving problems
• Independent, reliable, and not afraid to make things happen
• Comfortable with tools like Slack, Zoom, Google Workspace, MS Office
• English fluency preferred — other languages are a plus
• Finance, Business, Admin, Client Services backgrounds? Perfect — but not required.

We’re currently recruiting across multiple positions.

You bring the drive — we’ll bring the opportunity.

Let’s make big things happen together.

• Entry level

• Full-time

• Information Technology

• Staffing and Recruiting