The Cafe de Carol Holding Limited (“CdC”) is seeking an experienced Technology & Information Risk professional to join the team and lead all aspects of information technology risk management in the corporation. The Security Officer will be responsible for the design, implementation and enforcement of information security practices for CdC to protect the confidentiality, integrity and availability of CdC’s information assets.

Responsibilities

The applicant will be responsible for oversight of all aspect of information technology risk management (risk identification, measurement, monitoring and control) for the corporation, including but not limited to:

• Act as a subject matter expert in information security and technology risk for the organization.
• Develop and maintain the IT risk governance framework and IT risk portfolio
• Establish and maintain security dashboard with key risk indicators
• Design and implement enterprise-wide technology risk program. Assist in planning of technology related risk management strategies, processes and work plans.
• Review IT initiatives from technology risk perspectives and work with vendors when necessary.
• Establishing policy and security baseline for key IT processes. Establish and maintain security standards and guidelines with focus on application and network security.
• Define security architecture for the organization infrastructure and application.
• Establish review processes on information security operation; review the remediation measures performed by IT department to verify the security risks identified have been properly addressed.
• Work with the IT department to monitor system and network security threat and to response with quick remediation action.
• Establish and manage information security incident response program. Develop guidelines to facilitate the communication between relevant stakeholders during incidents. Provide support in post-incident investigation and forensics.
• Manage compliance measurement of security patch compliance for corporate infrastructure.
• Conduct security review of company-wide IT operations, assist in vulnerability assessments, penetration tests and source code review of corporate systems and facilitate improvement
• Establish and implement the assessment on outsourcing/third party security control.
• Report to senior management on the research and evaluation on latest security threats and technology solutions, such as Mobility and Personal Data Privacy. Proactively work with vendors to understand the up-to-date related technology for the possible CdC’s implementation feasibility.
• Report findings on security inefficiencies and provide recommendation for improvement.
• Logging, tracking and mitigating potential threats to CdC.
• Promote cyber security awareness across the corporation

Requirements:

• Degree or above in Computer Studies, Information Systems or related disciplines
• 5-10 years of relevant Information Technology Risk, Information Security experience
• Strong understanding of retail and consumer goods industry, preferable in catering industry, information technology risk concept, and/or experience as IT security auditor/consultant.
• Experience in writing security guideline
• Solid experience of risk assessment methodologies, internal controls and information technology risk management frameworks such as ITIL, COBIT 5, and ISO 27001
• Good communication and interpersonal skills across different levels of management
• Well organize, good time management & able to work under pressure
• Ability to work effectively with all levels of the organization.
• Industry certifications such as CISSP, CISM, CISA, CRISC. CEH, ISO Lead Auditor preferred
• Fluent in spoken and written English and Chinese.

Interested parties please send full resume with PRESENT & EXPECTED SALARY to Ms. Lin by "APPLY NOW" or by mail to Ms. Lin, Human Resources Department, 10/F., Cafe de Coral Centre, 5-13 Wo Shui Street, Fotan, N.T.（Please quote Reference No. on envelope or as email subject）
 

We are an EQUAL OPPORTUNITIES EMPLOYER.
All information received will be kept in strict confidence and be used for employment-related purpose only.

We are one of the largest publicly listed restaurant groups in Hong Kong with over 300 outlets in Hong Kong, more than 100 outlets in Mainland China. To cope with our business needs, we invite high calibre professional to fill the following position:-