Technology Risk Manager (Cyber Security Control Division)

Roles and Responsibilities & Specific Requirements (Cyber Security):

• Provide Cyber Security incident response operation and support.
• Experience in arrangement and co-ordination of cross-countries cyber incident response drills.
• Experience in Security operations, managing SOC, Offensive security, Container security,  Threat Hunting, OSINT, Darkweb monitoring, Malware analysis, DevSecOps , Digital forensics and Attack Surface Management.
• Research and evaluate on latest security threats and Cyber Threat Intelligence.
• Participate in Red & Purple Teaming exercises and relevant validation controls.
• Familiar with technologies on Firewall, IDS, IPS, WAF, SIEM, SOAR, DLP, UEBA, BAS, XDR, Deception and Network/Cloud Infrastructure are preferable.

General Job Requirements:

• Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
• Over 5 years of experience in IT security, technology risk management, compliance or IT audit function, gained from other sizable financial institutions
• Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC. Industry-recognized cyber security certifications ,such as OSCP/OSCE/OSWE/OSEE/GXPN/GPEN/GCPN/GCIH/GCFA/OSDA, is preferable
• Familiar with HKMA TM-E-1, TM-G-1, PCI-DSS, ISO 2700-series or other security risk management framework is an advantage
• Good command of written and spoken English with Mandarin is preferable and
• Good communication and interpersonal skills.