Job Position
Specialist I (Information Security)
Major Responsibilities
- Participate in the development and maintenance of corporate-wide information security framework, policy, guideline, standard, and operation procedures with reference to ISO27001 standard and applicable best practices;
- Perform day-to-day security administration and operation including but not limited to management of end users and privileged accounts, keys and certificates, review of security logs, performance of technical vulnerability assessment and penetration testing as well as handling of security incidents, etc.;
- Assess and recommend information security control measures, as well as monitor the implementation for major projects;
- Participate in the implementation of security solutions and infrastructure collaborating with internal teams and external service providers;
- Monitor and analyse security events for detection, investigation and response to potential security issue;
- Maintain and monitor appropriate computer and network access controls, data, and physical security to ensure no security exposure;
- Participate in cyber threat intelligence analysis when required
- Assist to define information security risk indicators; collect, analyse and interpret the corresponding statistics for assisting senior management in overseeing information security risk;
- Identify control gaps, review the residual risk level and make recommendation for risk treatment;
- Interpret security key risk statistics for reporting to senior management on regular basis
- Promote security awareness and ensure compliance with applicable security standards
- Review and make recommendation on using of Open Source Software (OSS) and freeware
- Execute security operation procedures in accordance with the corporate information security policy and guidelines when required
- Keep abreast of technological knowledge in managed area of responsibility, and provide recommendations for adaptation of new security technologies and standard with reference to prevailing industry best practices
- Perform other job duties as assigned by the supervisors
Requirements
- University degree preferably in information technology, information security or related discipline
- Minimum 4 years of experience in information security or related field
- Knowledge in security practices and standards commonly adopted by the banking/financial industry such as the Cyber Resilience Assessment Framework (C-RAF), SWIFT Customer Security Controls Framework (CSCF), ISO27001 standard, etc. is an advantage;
- Team player with sound interpersonal, communication and presentation skills as well as excellent problem solving and analytical skills;
- Holder of security certificates - CRISC, CISA, CISM, CISSP or other equivalent certificates is an advantage
- Experience and knowledge in the area of public and/or private cloud security is an advantage
- Practical experience and knowledge in risk management framework and methodology is desirable
- Experience in working for major financial institutions is preferred but not a must
- Good command of written and spoken English and Chinese
- Willing to work shift duty (evening shift normally from 12:30 to 21:30 with shift duty allowance)
- Candidate from non-financial industries will also be considered
- Candidate with less experience may be considered for appointment as Specialist II (Information Security)
Application Method
Interested parties please send your curriculum vitae stating your current and expected salaries, and the contact phone number to the Human Resources Division, Unit B, 25/F, MG Tower, 133 Hoi Bun Road, Kwun Tong, Kowloon or e-mail it to hrm@hkicl.com.hk. All applications and personal information collected will be treated in strict confidence and only be used for the purpose of recruitment and selection. The information collected will be accessed by our authorized personnel only. Those applicants not contacted by the Human Resources Division within two months from their application date should consider their applications filed for future reference which will be retained for one year for possible future job matching, and will be destroyed after the expiry of one year.