Job Description
Responsibilities:
- Be the Group Information Security champion to direct the design, implementation and governance of information security standard, security policy & guidelines, best practices and systems
- Research the latest information technology security trends and keep abreast of latest threat intelligence
- Conduct and manage group security risk assessment and compliance check on regular basis
- Be the point of contact to internal or external parties in all matters relating to information assurance and security
- Support and coordinate the execution of external and internal IT audit
- Own and manage the implementation and usage of security tools including end-point protection, security awareness, email protection, advanced threat protection, network security, mobile security, privileged account management, …, etc
- Direct the installation and configuration of infrastructure equipment (e.g., firewalls, end points), to guard against cybersecurity attack and protect sensitive information
- Be the overall responsible of the group security event detection and response function
- Lead the security operations team, including managed SOC, to effectively monitor, detect and investigate security incidents/events on 7x24 basis
- Coordinate closely with Infrastructure & Operations team to perform incident management on 7x24 basis
- Own and manage the Cybersecurity Awareness Program to regularly organize employee security training and carry out phishing test
- Recommend security enhancements to IT management
- Perform vendor management for security vendors
The Successful Candidates:
- University Degree in Computer Science or related disciplines
- At least 10 years experience in Information Security and Infrastructure, preferably in InfoSec or Security Operation environment
- Holder of security certificates (e.g. CISSP, CISM, CISA, CEH, ... etc.) is a must
- Holder of ISO 27001:2013 certification is highly desirable
- First-hand knowledge and proven experience with security monitoring, protection and automation products such as SIEM, UBA, PAM, CASB and SO Automation tools
- Hands-on experience with security infrastructure (e.g. Privileges ID management, Endpoint security, Firewall, PIM, IPS, DLP, APT and WAF) and web technologies (e.g. HTTP and .Net)
- Up-to-dated knowledge of technical security controls in a modern IT environment including private cloud, Microsoft Azure, Office 365 and Amazon Web Services
- Proven experience in designing and implementing security standard, policy and guidelines
- Experience of writing and introducing effective information security and compliance policies/guidelines
- Proven track record of leading in-house security operations team to perform incident management for security incidents and events including lessons learned
- Highly self-motivated and able to work under pressure
- Strong vendor management skill
- Good Interpersonal and Communication skills
- Customer focused and influential, with a strong desire to drive results
Click "Apply Now" to apply for this position or call Andrey Sin at +852 3180 4951 for a confidential discussion. All information collected will be kept in strict confidence and will be used for recruitment purpose only.