The Group Information Services Department, located in Hunghom, strives to serve the system needs of Head Office and is responsible for coordinating the information technology related services within the CK Hutchison Group. 

We are looking for a Group Cyber Risk Consultant accountable to the Group Security Officer, to help identify, assess and remediate information risks associated with the use of technology in the Group through the establishment and maintenance of appropriate risk management and governance frameworks and processes.

Responsibilities:

• Develop and maintain Information Security policies, guidelines, standards, processes and procedures for the Group
• Lead and manage Group Level information risk management processes and work with Group and business unit stakeholders to facilitate information risk analysis and risk management processes, and communicate current risk posture
• Understand, communicate and apply Information Security controls to address internal and external compliance requirements
• Perform security risk and vulnerability assessments on IT systems, provide technical advice to ensure that all identified Information Security risks are mitigated and requisite Information Security controls are implemented
• Lead delivery of Information Security projects
• Provide input into Group Information Security strategy
• Conduct Information Security awareness programmes to promote security awareness to all employees
• Manage provisioning, de-provisioning, certification and attestation of identities and user access to applications, systems and files
• Conduct research to evaluate new emerging technologies and maintain an up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices, regulations and assist in benchmarking risk management practices against other companies

Requirements:

• University degree or above in IT, preferably with relevant professional qualifications such as CISSP, CISM, CCSP, SABSA etc.
• At least 5-8 years of relevant experience in Information Security field
• Experience in revamping, developing and maintaining Information Security policies, processes and procedures
• Knowledge of ISMS, ISO27000 series and other major Information Security frameworks
• Possess domain competencies in a number of Information Risk related disciplines, including risk management, business continuity management, privacy and compliance
• Experience implementing solutions for any of the following capabilities is a plus:
  • Governance, Risk and Compliance
  • Security Operations Centres
  • Identity and Access Management, and Privileged Identity Management
  • Cloud Access Security Brokers
  • Data Leakage Prevention and Information Rights Management
  • User Awareness Training Simulation and Testing
• Good problem solving and analytical skills and workshop facilitation skills
• Ability to learn and understand new concepts quickly to keep up with new emerging technology
• Strong communication, people management and interpersonal skills 

Salary and benefits will commensurate with experience and competence.  Please click the “APPLY NOW” button and include a detailed resume with indication of expected salary. 

We are an equal opportunity employer and welcome applications from all qualified candidates. Personal data collected will be treated in the strictest confidence and handled confidentially by authorised personnel for recruitment-related purposes only within the CK Hutchison Group of companies.  

Applicants not having heard from us within six weeks of the date of application may consider their applications unsuccessful. The personal data of unsuccessful applicants will be destroyed after the recruitment exercise pursuant to the requirements of the Personal Data (Privacy) Ordinance in Hong Kong. 

CK Hutchison, head office of a diversified group of companies with over 17,000 employees in Hong Kong and an additional 285,000 employees worldwide, invites high calibre and self-motivated individuals to join our organisation.