Job Vacancies

Job Position
Specialist I (Technology Risk Management)
Major Responsibilities
  • Develop and maintain corporate-wide information security policy, technology risk management process and ISMS in compliance with the ISO27001 standard
  • As a second line of defense, assist risk owners in identifying and measuring risks to build a corporate-wide security and technology risks profile
  • Assist senior management in overseeing security and technology risks by ensuring controls are properly designed, implemented and operated as intended, and ascertain the consistency of risk assignment
  • Review residual risk level and control effectiveness to make recommendations for risk treatment
  • Interpret security key risk statistics for reporting to senior management on a regular basis
  • Coordinate the evaluation of emerging cyber threat scenarios for continuous improvement of cyber security response preparation in the Business Continuity Plan (BCP)
  • Promote security awareness and ensure compliance with applicable security standards
  • Participate in cyber threat intelligence analysis to gauge the prevailing cyber threat landscape, and make recommendations on improving the company's risk posture
  • Review and make recommendations on the use of Open Source Software (OSS) and freeware
  • Perform security administration including corporate level user identity and access management, privileged account management, digital certificates renewal, etc. when required
  • Execute security operation procedures in accordance with the corporate information security policy and guidelines when required
  • Keep abreast of technological knowledge in the managed area of responsibility, and provide recommendations for adaptation of new security technologies and standards with reference to prevailing industry best practices
  • Perform other job duties as assigned by the supervisors
Requirements
  • University degree preferably in information technology, information security or related discipline
  • Minimum 4 years of experience in information security or technology risk management field
  • Holder of security certificates - CRISC, CISA, CISM, CISSP or other equivalent certificates is preferred
  • Practical experience and knowledge in risk management framework and methodology
  • Knowledge of security control frameworks such as C-RAF published by the HKMA or the ISO27001 standard, etc.
  • Experience in working for major financial institutions is preferred but not a must
  • A good team player with sound interpersonal and communication skills
  • Good command of spoken and written English and Chinese
  • Candidates from non-financial industries may also be considered and those with less experience may be considered for appointment as Specialist II (Technology Risk Management)
Application Method
Interested parties, please send your curriculum vitae, stating your current and expected salaries and your contact phone number, to the Human Resources Division, Unit B, 25/F, MG Tower, 133 Hoi Bun Road, Kwun Tong, Kowloon or e-mail it to hrm@hkicl.com.hk.
All applications and personal information collected will be treated in strict confidence and only be used for the purpose of recruitment and selection. The information collected will be accessed by our authorized personnel only. Unsuccessful applications will be retained for two years for possible future job matching, and will be destroyed after the expiry of two years.