The incumbent will establish and maintain a corporate information security management programme to ensure that information assets are adequately protected. The incumbent will also work proactively with business units to implement practices that meet defined policies and standards for information security.  Further, the incumbent will identify, evaluate and report on information security risks in a manner that meets compliance and regulatory requirements, aligns with and supports the risk posture of the company.   
 
The Job:

• Develop, implement and monitor a strategic enterprise information security and IT risk management programme to ensure that the integrity, confidentiality and availability of information is controlled by the company.
• Act as an internal consultant to evaluate current and emerging technologies and business user’s requests.
• Work with business users and the JSSHK IT team on new projects to ensure information security requirements are in place.
• Conduct internal/external security assessments including, but not limited to vulnerability scans and penetration tests and recommend remedial actions.
• Lead and manage the implementation of various security related projects.
• Be able to negotiate contracts and deals with various service providers.
• Provide security guidance to IT team on daily security operations.
• Promote ongoing information security awareness campaigns to all users.
• Develop and maintain the head office cyber security incidents response plan.

 
Requirements:

• Bachelor's degree in Computer Science, Information Systems or related field.
• Minimum 10 years of IT experience, including at least 5 years in security management and IT governance, preferably in a company which operates across Greater China. 
• Practical experience and working knowledge of information security frameworks, audit principles, security administration processes, metrics collection and reporting.
• Deep knowledge of best practices in Information Security and solid understanding of technologies including, firewalls, intrusion prevention, penetration testing, data loss prevention, disaster recovery and other security solutions.
• Good understanding of network and system security principles such as defense in depth, least privilege, security information management, blue team/red team exercises and how they can be applied across organisations.
• Proven experience in formulating and executing IT governance, compliance initiatives and risk management.
• Proven success in developing, implementing, sustaining, and enhancing enterprise information security and risk management programmes.
• Ability to meet deadlines, to conduct and direct research into IT issues and products, and to take initiative in the development and completion of projects. 
• Must be a team player and able to work collaboratively with others.
• Excellent verbal and written communication skills to communicate with both technical staff and senior management.
• Fluent in Cantonese, Mandarin and English.
• Strong project management, organizational and time management skills. 
• Excellent problem solving, analytical and evaluative skills. 
• CISSP, CISM, CISA, CRISC certification(s) preferred.
• Familiarity with NIST CSF, ISO 27000, COBIT, SANS and ITIL security frameworks  

 
Application:
 
We offer a competitive package to the right candidate. Qualified and interested parties please send application quoting the above reference number and detailing contact information, education and employment background, and salary expectation through one of the following means:

Postal address:

Head of Staff Department
John Swire & Sons (H.K.) Limited
GPO Box 1, Hong Kong
Fax number: (852) 2946 8402

Only shortlisted candidates will be contacted.
 
We are an equal opportunity employer. All applications received will be used exclusively for selection purposes and handled confidentially by authorized personnel only. Your application may also be considered for other suitable positions within the Swire group.  (Please indicate clearly on your application if you would not like to be considered for other positions within the group.)  Unsuccessful applications will be destroyed after an appropriate time.