The Job

• Establish and maintain information security policy or standards to meet business, legal and regulatory requirements.
• Perform risk assessment on IT systems or new projects to identify potential security weaknesses and non-compliance issues.
• Lead the implementation of information security projects, with vendor support and collaboration with IT teams.
• Manage security operations and systems support.
• Responsible for information security incident investigation and taking action to resolve incidents and developing preventive measures.
• Define and design appropriate management processes or security controls to protect corporate IT systems and data.
• Provide technical advice about the emerging cybersecurity threats and recommend technology solutions.
• Supervise and coach subordinates on customer service and continuous improvement.
• Perform other ad-hoc tasks when required.

The Person

• Degree holder in Computer Science / Information Technology or related discipline.
• Possess one or more professional certifications (e.g. CISSP, CISM) is an advantage.
• At least 12 years' work experience in IT, including a minimum 6 years in information security or technology risk management in a sizeable organization.
• Strong technical knowledge in information security domains related to IT infrastructure, network, endpoint, cloud, application, identity & access management, threat intelligence, and security operations.
• Solid hands-on experiences in managing security tools (e.g. firewalls, SIEM, SASE, DLP, EDR, or email security) would be preferred.
• Good understanding of ISO/IEC27001 and other cybersecurity management frameworks or best practices.
• Sound experience in security incident response.
• Strong problem-solving or analytical skills, and able to communicate effectively.
• Demonstrate a positive, proactive, and structured approach in task execution.
• Customer-oriented and able to work collaboratively with other teams.
• Proficiency in managing vendors to deliver projects on time and within budget.