
Senior Manager, Technical Risk & Information Security

Tahoe Life Insurance Company Limited

  • Company Industries: Insurance/Pension Funding

Job Information

  • Post Date: 2022-08-25
  • Career Level: Middle
  • Location: Tai Koo
  • Yr(s) of Exp: 8 years
  • Qualification: Degree
  • Employment Type: Full Time, Permanent
  • Job Function: Information Technology (IT), IT Management, Security, Technical / Functional Consulting
  • Benefits: Dental insurance, Life insurance, Medical insurance, Performance bonus, Work from home, Five-day work week

Job Description

Job Purpose:

  • Maintain the Company’s information security framework and underlying policies, procedures, standards and guidelines.
  • Set standards for access controls, audit trailing, event reporting, encryption and integrity controls.
  • Manage the day-to-day activities of the security operation center’s service provider regarding routine security monitoring, changes to firewall rules and other security policies, and incidents across all aspects of IT security services, including cyber security.
  • Work closely with the security operation center to review system logs, alerts and reports on cyber-attacks and insider threats.
  • Review the statistics reports, performance reports, status reports, utilization reports, etc. produced by the service provider and report any abnormal findings to management.
  • Conduct monthly and ad hoc meetings with the service provider to review their performance, change status and incidents.
  • Perform day-to-day security risk controls by reviewing change requests, especially those affecting the security policies, such as firewall rule changes.
  • Work with vendors to support security for the Company’s Digital Transformation.

Main Responsibilities:

  • Manage the service provider in conducting periodic vulnerability scanning at server and system levels, and independent risk assessment by a third party.
  • Review the vulnerability scanning and assessment results and provide consultancy to IT teams to address the discovered risk issues.
  • Assess information security risk periodically.
  • Work with Application & Technical teams to consider security solutions for new projects and/or the regulator’s new requirements.
  • Conduct functionality and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
  • Evaluate and recommend new information security technologies and counter-measures against threats to information or privacy.
  • Thoroughly conduct and complete annual reviews and audits as required, engaging both internal IT teams and external service partners.
  • Coordinate with the service provider to conduct an annual drill on cyber security.
  • Prepare the regular report for presentation at the Information Technology Steering Committee meeting.
  • Perform regular reviews on the updating of related policies, guidelines and/or procedures in order to fulfill GL20.
  • Support the internal and/or external auditor’s requests.
  • Conduct staff security awareness training programs.
  • Ensure the quality of the security operation center vendors’ services and products.
  • Perform user support, training and cross team knowledge transfer where appropriate.
  • Perform ad hoc projects as assigned by supervisor.

Incumbent Requirements:

  • University graduate or equivalent professional qualification in Information Technology, Computer Science or a related discipline.
  • Holder of CISA, CISM, CISSP or relevant certification is preferred.
  • At least 8 years of relevant working experience in information security and cyber security.
  • Solid experience in managing vendors on IT security system setup, security monitoring, and managed security services.
  • Solid experience in developing security guidelines and policies for insurance, banking or finance companies.
  • Strong knowledge of cyber security, cryptography, network design, Internet technologies and threat intelligence.
  • Hands-on working experience with next-generation firewall, WAF, IDS/IPS, email gateway, proxy, DLP, etc.
  • Hands-on working experience in vulnerability scanning, penetration testing and system hardening is preferred.
  • Excellent command of both spoken and written English as well as Mandarin is required.
(All personal data collected will only be used for recruitment purposes. Please visit https://www.tahoelife.com.hk/tl/en/privacy_policy/index.html for details of the “Privacy Policy Statement” of Tahoe Life.)

Company Info

Tahoe Life Insurance Company Limited is a wholly-owned subsidiary of Tahoe Investment Group Company Limited. Adhering to the aspiration of fulfilling social responsibility, we endeavor to serve our customers with sincerity, creating a brilliant future for our customers and the enterprise.

As the core business of Tahoe Investment’s financial arm, we are dedicated to offering comprehensive wealth management and life planning services. We strive to be the leader in the high-end life insurance sector, taking care of our customers’ life cycles.
