The Job

• Establish and maintain information security policy or standards to meet business, legal and regulatory requirements.
• Perform risk assessment on IT systems or new projects to identify potential security weaknesses and non-compliance issues.
• Lead the implementation of information security projects, with vendor support and collaboration with IT teams.
• Manage daily information security operation, such as security event monitoring, vulnerability management and performance tuning of security tools.
• Responsible for information security incident investigation and take action to resolve incident and develop preventive measures.
• Define and design appropriate management processes or security controls to protect corporate IT systems and data.
• Provide technical advice about latest cybersecurity threats and recommend technology solutions.
• Supervise and coach subordinates on customer services and continuous improvement.
• Perform other ad-hoc tasks when required.

The Person

• Degree holder in Computer Science / Information Technology or related discipline.
• Possess one or more professional certifications (e.g. CISSP, CISM) is an advantage.
• At least 12 years' work experiences in IT, including minimum 6 years in information security or technology risk management in a sizeable organization.
• Strong technical knowledge in information security domains related to IT infrastructure, network, endpoint, cloud, application, identity & access management, threat intelligence, and security operations.
• Solid hands-on experiences in managing security tools (e.g. firewalls, SIEM, SASE, DLP) would be preferred.
• Good understanding of ISO/IEC27001 and other cyber security management framework or best practices.
• Sound experience in security incident response.
• Strong problem-solving or analytical skills, and able to communicate effectively.
• Demonstrate positive, proactive, and structured approach in task execution.
• Customer-oriented and able to work collaboratively with other teams.
• Proficiency in managing vendors to deliver projects on time and within budget.
• Candidates with less work experiences may be considered for the position of Senior Security Analyst.