Responsibilities:

• Design, develop and update Information security policies, standards and guidelines.
• Research security standards, security systems and authentication protocols.
• Perform risk analyzes on existing security infrastructure and implement security enhancements.
• Implement systems and procedures to enable digital forensics capabilities.
• Develop technical requirements and controls for network, system and data security.
• Provide technical guidance to systems and network team regarding security configurations.
• Participate in developing, tuning and implementing threat detection analytics.
• Apply process to ensure that IT operational and control risks are at an acceptable level within the risk thresholds of the bank, by evaluating the adequacy of risk management controls.
• Assist in communicating the risk management standards, policies and procedures to stakeholders.
• Analyze and report to management, and investigate into any non-compliance of risk management policies and protocols.
• Define appropriate framework for cybersecurity monitoring (including monitoring requirements, indicators, datasets, collection and analytical methods).
• Analyze cybersecurity incidents and make recommendations on remediation actions.
• Collect data on cybersecurity related risk, attacks, breaches and incidents, including external data and statistics as appropriate.
• Investigate security incidents by gathering evidence and reviewing system logs / audit trails.
• Involve in project team on developing a new system for the bank. Provide solution and advice related to security of the system, network and IT infrastructure.
• Prepare and conduct security awareness training to the bank.
• Conduct regular security assessment on the system, network and IT infrastructure used by the bank.
• Play a governance role on the IT outsourcing service provider. Perform regular security assessment on IT outsourcing service provider.

Requirements:

• Minimum 5 years of relevant work experience in information security / cybersecurity.
• University graduate in Computer Science / Information Technology or equivalent.
• One or more certificates listed below:
• ISC2 Certified Information Security Professional (CISSP)
• ISACA Certified Information System Auditor (CISA)
• ISACA Certified Information Security Manager (CISM)
• ISC2 Certified Cloud Security Professional (CCSP)
• HKIB Associate Cybersecurity Professional (ACsP)
• CCASP Practitioner Security Analyst (CPSA)
• Experience in Microsoft Windows, AIX, Sun Solaris, Linux, CISCO router and switch, F5 ASM/APM/LTM, Checkpoint firewall, Juniper firewall, Trend Micro Deep Security, Splunk,  Forcepoint Web Security Gateway and ForeScout Network Access Control.
• Solid experience in Thales payShield HSM and nShield HSM
• Solid experience in performing vulnerability scanning, penetration test and technology risk assessment
• In depth knowledge in the security controls of client server technology, web applications (using HTML, Java, Ajax, and .NET) and database (such as Oracle, DB/2, MS-SQL and Sybase)
• Familiar with the Supervisory Policy Manual of HKMA, Personal Data Privacy Ordinance, PCI Data Security Standard, and Customer Security Controls Framework of SWIFT and SFC guidelines
• Familiar with Public Key Infrastructure (PKI) and ANSI x9.17 Key Management Standard
• Banking experience is an advantage
• Strong information security sense in relation to business requirements
• Excellent command of written English
• Mature, independent and able to deliver quality results under tight schedule
• Good communication and interpersonal skills

Please note that only shortlisted candidates will be notified.