Senior Technology Risk Manager /Technology Risk Manager (Cyber Security Control Division)

Responsibilities:

1. Provide Cyber Security incident response operation and support.
2. Experience in arrangement and co-ordination of cross-countries cyber incident response drills.
3. Experience in Security operations, managing SOC, Offensive security, Container security,  Threat Hunting, OSINT, Dark Web monitoring, Malware analysis, SecOps , Digital forensics , Attack surface management, Anti-DDoS solution, AI/LLM security, Threat modeling, Supply chain cybersecurity, Vulnerability management and Bug bounty programs.
4. Research and evaluate on latest security threats and Cyber Threat Intelligence.
5. Participate in Red & Purple Teaming exercises and relevant validation controls.
6. Familiar with technologies on Firewall, IDS, IPS, WAF, DNS Security, Email Security, Endpoint Security, SIEM, SOAR, DLP, UEBA, BAS, XDR, Deception, Generative AI/Machine Learning, Zero Trust, Micro-segmentation and Network/Cloud Infrastructure are preferable.

Job Requirements:

1. Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
2. Over 5 years of experience in IT security, technology risk management, compliance or IT audit function, gained from other sizable financial institutions
3. Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CISM. Industry-recognized cyber security certifications ,such as OSCP/OSCE/OSWE/OSEE/GXPN/GPEN/GCPN/GCIH/GSOC/ GCFA/OSDA, is preferable
4. Familiar with HKMA TM-E-1, TM-C-1, TM-G-1, C-RAF, PCI-DSS, ISO 27001, PDPO, NIST, MITRE ATT&CK, OWASP,  Protection of Critical Infrastructures (Computer Systems) Bill or other security risk management framework or regulatory requirements is an advantage
5. Good command of written and spoken English with Mandarin is preferable and
6. Good communication and interpersonal skills.