- Participate in the preparation and regular reviews and updates of IT security standards and guidelines. Lead and manage the implementation and enforcement of IT security controls, processes and procedures.
- Ensure system risks are properly identified, assessed, mitigated and managed periodically.
- Liaise with IT development teams to ensure IT security best practice is catered throughout the system development and maintenance processes. Ensure security is factored into the evaluation, selection, installation and configuration of hardware, software and applications.
- Keep current with the latest security threats and risks. Manage regular review on IT security on system infrastructure, access control, network, software, applications, desktops and endpoints.
- Work with internal parties and vendors to conduct system penetration test and vulnerability test.
- Perform incident verification and investigation and work with various teams to resolve security incidents. Follow through any issues reported and ensure they are resolved or mitigated in a timely manner.
- Provide IT compliance advice.
- Bachelor Degree in Computer Science, Information Systems or related discipline.
- Minimum 7 years of total IT experience with 5 years in information security or compliance. Candidate with more experience will be considered for senior positions.
- Recognized certificate holder from organizations such as ISC2, CSX, GIAC or ISACA is a definite asset.
- Experience in financial or insurance industry is an advantage.
- Self-motivated, responsible, able to work independently.
- Good interpersonal and communication skills. Good command of Chinese and English.
- Occasional travel to Mainland China and Southeast Asian countries is required.
If you are interested in this role, please apply below or contact me for more information.