The Job

• Lead information security project implementation and drive external IT vendor, system integrator, or consultant to complete projects on schedule and within budget.
• Manage information security systems and services to ensure compliance with the organisation’s IT security policy, standard, ISO/IEC 20000/27001, and regulatory requirements.
• Perform risk assessment on IT systems or projects to identify potential security weaknesses and non-compliance issues.
• Analyze emerging cyber threats across infrastructure, applications, cloud, AI, and supply chains, and recommend appropriate security solutions and controls to mitigate the identified risks.
• Responsible for handling information security incident and developing preventive measures.
• Assist management to develop or update IT security standards and procedures.
• Collaborate closely with IT teams and business users to ensure successful enablement of cybersecurity solutions.
• Coach and provide technical guidance to less experienced peers.
• Perform other ad-hoc tasks when required.

The Person

• Degree holder in Computer Science or related discipline with relevant qualification in information security would be preferred.
• 8 years’ work experience in IT, and at least 5 years in information security in a sizable organization.
• Solid foundation in enterprise information security domains, such as firewalls, WAF, DLP, cloud and application security, EDR/NDR, SIEM/SOAR, and DevSecOps etc..
• Experiences in implementing IT/security framework (e.g. ITIL, ISO/IEC 20000, 27001, NIST CSF, or Digital Policy Office Practice Guide).
• Hold at least one professional information security certification, such as CISSP, CISM, CEH, CRISC, or CCSP.
• Data analytical and/or programming skills for process automation will be an advantage.
• Capable of defining functional and/or technical specifications for external IT consultants, vendors, or service providers to deliver solutions.
• A self-motivator who has a “can-do” attitude and innovative mindset.
• Proven track record in managing large-scale security projects with the ability to deliver on time and within budget.
• Well organised and able to prioritise and complete tasks efficiently.
• Strong interpersonal, time management, and communication skills, with proficiency in both English and Chinese.