Cybersecurity Specialist (Financial Services Consulting)

Why join us

You don’t join Forvis Mazars by coincidence, you choose Forvis Mazars: a global school of excellence where you will be challenged to develop and grow. Progression is tied to education, empowering you to match your career to your aspirations both within and outside our firm. We expect your contribution to what Forvis Mazars and our clients do next and reward your ingenuity. Come and write the rest of (y)our story with us – you’ll make friends along the way too. Forvis Mazars, the smart choice.

As the financial services consulting team in Hong Kong, we provide integrated solutions to financial institutions to help them anticipating change in a complex and volatile environment and meeting challenges of increasingly stringent regulations. We are seeking a Cybersecurity Specialist who is passionate about cybersecurity within the financial services sector. Working with our financial services clients you will gain significant exposure to clients operating in complex environments. With the support of partners, directors, and managers, you will be expected to support to an increasing in demand for our FS consulting services.

What You Can Expect

In your role as a Cybersecurity Specialist, you will:

• Provide expert advice on security frameworks and best practices. Develop and implement cybersecurity strategies tailored to financial institutes and collaborate with clients to enhance their cyber security posture and compliance with regulations.
• Conduct risk assessments, vulnerability analyses, penetration testing and/or attack simulation to identify potential threats.
• Monitor and respond to security incidents, ensuring rapid remediation.
• Stay updated on emerging threats, technologies, and regulatory changes. Conduct training and awareness programs for clients and internal teams.
• Prepare and present reports on cyber security status and improvements.
• Conduct detailed penetration tests and vulnerability assessments across various IT systems within financial institutions, including but not limited to systems handling virtual assets.
• Develop security testing plans that are tailored not only to traditional financial systems but also to emerging technologies associated with virtual assets, such as blockchain.
• Collaborate with clients to assess and enhance their cybersecurity measures, with a particular focus on technologies involved in the management and transaction of virtual assets.
• Perform IT and security assessments based on regulatory requirements from bodies such as HKMA, SFC etc., ensuring compliance while addressing specific security concerns.
• Engage directly with client stakeholders, providing clear communication regarding security vulnerabilities, implications, and strategic recommendations.
• Maintain up-to-date knowledge of the latest cybersecurity threats, regulatory changes, and advancements in technology impacting both traditional financial services and the virtual assets sector.
  
   

Who We Are Looking For

• A bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field.
• 2-5 years of experience in cybersecurity, advantage with specific expertise in penetration testing and/ or simulation attacks. Candidate with more experiences will be considered for a senior role.
• Experience with Big4 or similar consulting firms. Experience in virtual assets, blockchain technology, or related fields is highly preferred.
• Relevant industry certification such as CISM, CISSP. Additional certifications in cybersecurity or blockchain technology, such as OSCP, OSCE, OSEE, GPEN, CREST, are advantageous.
• Demonstrated ability to think analytically and solve complex problems.
• Excellent interpersonal and communication skills, capable of engaging effectively with both technical and non-technical stakeholders.
• Proficiency in English; fluency in Cantonese and Putonghua is highly preferred.
• Advanced skills in report writing and the creation of professional, insightful presentations and reports.
• Familiar with security standard references such as OWASP, SANS, NIST.
• Knowledge and experience of security testing methods and techniques, including network, operating system and application system configuration review and internal/external penetration testing.
• Knowledge and experience in web and mobile application security review and testing are desirable.
   

What we offer

We recognise that rewards are important to you. On top of the basic salary you will be receiving, we offer a range of staff caring benefits and policies including medical and dental insurance, life insurance, a 5-day working week, discretionary performance bonus, birthday leave, and marriage leave. Please apply with a detailed resume, contact numbers, current salary, expected salary, and availability in strict confidence.

All applications received will be used strictly for selection purpose only.