Security Specialist

The Job 

• Monitor internal/ external compliance reviews activities and follow up on deficiencies identified and ensure remediation steps have been taken
• Perform control and vulnerability assessments, assist in compliance monitoring reviews to identify control weaknesses, recommend remedial actions
• Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance cases if any
• Provide an advisory role to business units and IT groups to assess security requirements and control; enforce security control policies as planned
• Assist in development of security architecture, policies, standards and related processes
• Resolve negative audit findings reported by internal and external audits by working with the IT action owners and tracking the remediation progress
• Develop and validate baseline security configurations for operating systems, applications, networking and telecommunications equipment
• Research and assess new threats and security alerts, and provide recommendations on solutions
• Assist to build/ monitor the IT security architecture for the Company infrastructure and business application environment
• Promote IT risk awareness to business units

The Person 

• Degree holder in IT, Computer Science or related disciplines
• Minimum 8 years’ experience in IT industries with at least 2 years in security related role
• Solid experience on information security management framework such as ISO 27001, BS7799
• Certification in Information Security disciplines such as CISM, CISA or CISSP preferred
• Knowledge of Information Security best practices, such as PCIDSS or Secure SDLC is an advantage
• Strong project management and execution experience
• Self-motivated and able to work independently
• Good problem solving, analytical, communication and interpersonal skills
• Good command of written and spoken English and Chinese