Manager, Technology Risk
- Hong Kong
- Permanent contract, Full-time
- Dah Sing Financial Group
- 22 March 19
Design, develop and update Information security policies, standards and guidelines.
Research security standards, security systems and authentication protocols.
Perform risk analyses on existing security infrastructure and implement security enhancements.
Implement systems and procedures to enable digital forensics capabilities.
Develop technical requirements and controls for network, system and data security.
Provide technical guidance to systems and network team regarding security configurations.
Participate in developing, tuning and implementing threat detection analytics.
Apply processes to ensure that IT operational and control risks are at an acceptable level within the risk thresholds of the bank, by evaluating the adequacy of risk management controls.
Assist in communicating the risk management standards, policies and procedures to stakeholders.
Analyze, report to management on, and investigate any non-compliance with risk management policies and protocols.
Define appropriate framework for cybersecurity monitoring (including monitoring requirements, indicators, datasets, collection and analytical methods).
Analyze cybersecurity incidents and make recommendations on remediation actions.
Collect data on cybersecurity related risk, attacks, breaches and incidents, including external data and statistics as appropriate.
Investigate security incidents by gathering evidence and reviewing system logs / audit trails.
Participate in the project team developing a new system for the bank. Provide solutions and advice related to the security of the system, network and IT infrastructure.
Prepare and conduct security awareness training for the bank.
Conduct regular security assessments of the system, network and IT infrastructure used by the bank.
Play a governance role over the IT outsourcing service provider. Perform regular security assessments of the IT outsourcing service provider.
- Minimum 5 years of relevant work experience in information security / cybersecurity.
- University graduate in Computer Science / Information Technology or equivalent.
- One or more certificates listed below:
  - ISC2 Certified Information Security Professional (CISSP)
  - ISACA Certified Information System Auditor (CISA)
  - ISACA Certified Information Security Manager (CISM)
  - ISC2 Certified Cloud Security Professional (CCSP)
  - HKIB Associate Cybersecurity Professional (ACsP)
  - CCASP Practitioner Security Analyst (CPSA)
- Experience in Microsoft Windows, AIX, Sun Solaris, Linux, CISCO router and switch, F5 ASM/APM/LTM, Checkpoint firewall, Juniper firewall, Trend Micro Deep Security, Splunk, Forcepoint Web Security Gateway and ForeScout Network Access Control.
- Solid experience in Thales payShield HSM and nShield HSM
- Solid experience in performing vulnerability scanning, penetration testing and technology risk assessment
- In-depth knowledge of the security controls of client-server technology, web applications (using HTML, Java, Ajax, and .NET) and databases (such as Oracle, DB/2, MS-SQL and Sybase)
- Familiar with the Supervisory Policy Manual of HKMA, Personal Data Privacy Ordinance, PCI Data Security Standard, and Customer Security Controls Framework of SWIFT and SFC guidelines
- Familiar with Public Key Infrastructure (PKI) and ANSI X9.17 Key Management Standard
- Banking experience is an advantage
- Strong information security sense in relation to business requirements
- Excellent command of written English
- Mature, independent and able to deliver quality results under tight schedules
- Good communication and interpersonal skills
Please note that only shortlisted candidates will be notified.