Penetration Test Specialist (Financial Services Consulting)

Why join us
You don’t join Forvis Mazars by coincidence, you choose Forvis Mazars: a global school of excellence where you will be challenged to develop and grow. Progression is tied to education, empowering you to match your career to your aspirations both within and outside our firm. We expect your contribution to what Forvis Mazars and our clients do next and reward your ingenuity. Come and write the rest of (y)our story with us – you’ll make friends along the way too. Forvis Mazars, the smart choice.
As the financial services consulting team in Hong Kong, we provide integrated solutions to financial institutions to help them anticipating change in a complex and volatile environment and meeting challenges of increasingly stringent regulations. We are seeking a Penetration Testing Specialist who is passionate about cybersecurity within the financial services sector. Working with our financial services clients you will gain significant exposure to clients operating in complex environments. With the support of partners, directors, and managers, you will be expected to support to an increasing in demand for our FS consulting services.
What You Can Expect
In your role as a Penetration Testing Specialist, you will:

• Conduct detailed penetration tests and vulnerability assessments across various IT systems within financial institutions, including but not limited to systems handling virtual assets.
• Develop security testing plans that are tailored not only to traditional financial systems but also to emerging technologies associated with virtual assets, such as blockchain.
• Collaborate with clients to assess and enhance their cybersecurity measures, with a particular focus on technologies involved in the management and transaction of virtual assets.
• Perform IT and security assessments based on regulatory requirements from bodies such as HKMA and SFC, ensuring compliance while addressing specific security concerns.
• Engage directly with client stakeholders, providing clear communication regarding security vulnerabilities, implications, and strategic recommendations.
• Maintain up-to-date knowledge of the latest cybersecurity threats, regulatory changes, and advancements in technology impacting both traditional financial services and the virtual assets sector.

Who We Are Looking For

• A bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field.
• 3 years of experience in cybersecurity, with specific expertise in penetration testing.
• Experience in virtual assets, blockchain technology, or related fields is highly preferred.
• Relevant industry certification in penetration testing such as OSCP, OSCE, OSEE, GPEN, CREST. Additional certifications in cybersecurity or blockchain technology are advantageous.
• Demonstrated ability to think analytically and solve complex problems.
• Excellent interpersonal and communication skills, capable of engaging effectively with both technical and non-technical stakeholders.
• Proficiency in English; fluency in Cantonese and Putonghua is highly preferred.
• Advanced skills in report writing and the creation of professional, insightful presentations and reports.
• Familiar with security standard references such as OWASP, SANS, NIST.
• Knowledge and experience of security testing methods and techniques, including network, operating system and application system configuration review and internal/external penetration testing.
• Knowledge and experience in web and mobile application security review and testing are desirable.

What we offer

We recognise that rewards are important to you. On top of the basic salary you will be receiving, we offer a range of staff caring benefits and policies including medical and dental insurance, life insurance, a 5-day working week, discretionary performance bonus, birthday leave, and marriage leave. Please apply with a detailed resume, contact numbers, current salary, expected salary, and availability in strict confidence.

All applications received will be used strictly for selection purpose only.