At NTT Security, we are currently seeking an experienced Principal Security Consultant (SSRC) for our Professional Services division in Hing Kong.

Position Overview

The Principal Security Consultant is a client-facing security consulting position and is responsible for the successful delivery of various Security Strategy, Risk and Compliance (SSRC) assessments / remediation programs / projects. Serving as the trusted security advisor, the Principal Security Consultant will work with the client to liaise with clients various stakeholders on the cybersecurity objectives in considering business strategic goals, develop the appropriate cybersecurity strategy and roadmaps, advices on various technology solutions as well as managed security services, and etc.

Key Accountabilities

As the Principal Security Consultant (Security Strategy, Risk and Compliance)you will be leading the SSRC team to drive the success of the practice in SSRC domains. You will be driving multiple client engagements focused in delivering information security projects related to our Security Strategy, Risk and Compliance (SSRC) practice.  Specific responsibilities will include:

• Participate in presales and delivery of complex consultancy assignments in information security projects related to Governance, Risk and Compliance
• Lead and conduct information security certification audit and consulting projects, such as PCI-DSS audit / consulting, ISO27001 ISMS consulting, Privacy Impact Assessment.
• Lead and perform various types of Cybersecurity risk assessment / consulting project.Lead and conduct regulatory compliance assessment / advisory projects on IT perspective, specifically for Hong Kong, Singapore, China and Taiwan.
• Interact with the client’s senior management, including CISO, CIO, CTO and etc and provide strategic level advices on the cybersecurity domains
• Provide consultancy advices to client in closing technology control gaps / vulnerabilities in a practical way
• Implementing information security policies, procedures, standards, guidelines for clients.
• Drive pre-sales activities of the SSRC practice.
• Work with other regional team to develop / improve the SSRC service delivery frameworks.

 Experience Skills and Qualifications

 As the Principal Security Consultant (Security Strategy, Risk and Compliance) your skills and qualifications will include:

•  Possess at least 8 years of working experience related to information security practices
• Requires degree level of education, or significant experience and track record with tertiary qualifications.
• Holder of security assessor certificates, such as PCI QSA certification or ISO27001 Lead Auditor, or experiences in PCI-DSS / ISO27001 are preferred.
• Possess of information security or IT audit certifications, such as CISA/CISM/CRISC/CISSP/CSX
• Experienced in a pre-sales, consulting or equivalent capacity
• Project management experiences is preferred
• Experiences in penetration testing is preferred
• Has experience in technology audit, risk assessment, policy review and control review type of engagement with financial services industry, or other specific industry such as public sector, automotive, pharmaceutical, gaming and entertainment and etc.
• Experiences in handling regulatory requirements on financial services industry, such as HKMA, MAS, SFCHK, PBOC, CBRC, Taiwan FSC and etc.
• Demonstrate excellent skills in structured problem solving techniques, creativity and intelligence in the development of solutions to customer problems
• Be self-motivated and self-disciplined with a demonstrable and successful track record in delivering consultancy projects to all sizes of organizations
• Have good presentation skills with the ability to present to audiences of both business and IT stakeholders
• Have good written communication and report writing skills.
• Must be a good team player
• Demonstrate commitment to delivering projects within time and in budget and to a high level of client satisfaction
• Be willing to travel across regions.
• Candidates who possess less experience will be considered as Senior Security Consultant (Security Strategy, Risk and Compliance).