Roles and Responsibilities & Specific Requirements (Application Security):

• Assist in reviewing IT initiatives and provide advisory from technology risk perspectives
• Assist to establish and review policies, guidelines, procedures in application security area
• Provide advisory and practical guidance to support technology risk and information security assessments, include vulnerability scanning, penetration test etc.
• Conduct regular assessment on application security
• Familiar with security testing tools e.g. Fortify, AppScan and Open Source Scanning tools, technologies on DevSecOps and industry good practice OWASP is preferable

Roles and Responsibilities & Specific Requirements (System Security):

• Research and evaluate latest trend & technologies on information security and fintech area, such as FinTech, Artificial Intelligence, Big Data, Cloud Computing etc.
• Conduct regular assessment on OS platform security & middleware software security
• Plan and conduct security assessment in area of physical security (e.g.: data center security)
• Assist to establish and review policies, guidelines, procedures in system security、physical security and fintech technology security area
• Familiar with system platform operation and system architecture design is preferable

Roles and Responsibilities & Specific Requirements (Third-Party Security):

• Drive security assessments of third-party vendor focusing on compliance with regulations, company policies, and internal controls.
• Oversee information security risk management processes for onboarding and off-boarding of third-party vendor relationships.
• Communicate to business units and cross-functional teams regarding third-party vendor risk issues and/or control gaps, and recommends remediation initiatives.
• Provide awareness by conducting training on third-party vendor risk management framework. 
• Contribute to internal practice development initiatives and technology risk knowledge base
• Stay informed about latest developments in third-party vendor risk management field.

Roles and Responsibilities & Specific Requirements (Information Security):

• Assist senior manager to formulate and manage information security policies, standards and procedures.
• Plan and conduct information security assessment and IT risk evaluation in area covering IT general controls, information asset management, access controls and endpoint security review, etc.
• Plan and carry out various information security assurance activities, such as computer accounts re-certification.
• Review the initiation of security configuration changes, such as access rules, data leakage prevention policies.
• Co-operates with system administrators to deploy various information security controls or tools, and take lead to conduct appropriate remedial action on security incidents.
• Act as a subject matter expert to assist business units and cross-functional teams in identifying and mitigating information security risks and/or control gaps, and recommends remediation initiatives.

General Job Requirements:

• Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
• Over 4 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
• Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
• Familiar with HKMA TMG-1, TM-E-1, PCI-DSS, ISO 2700-series or other security risk management framework is an advantage
• Good command of written and spoken English with Mandarin is preferable and
• Good communication and interpersonal skills;
• Flexibility in traveling.
• Candidate with less experience will be considered as Assistant Manager.