Senior Manager, Technology Risk and Information Security
About Dah Sing Group
The Dah Sing Group is a leading financial services group in Hong Kong offering banking, insurance, financial and other related services through its growing network of over 70 branches in Hong Kong, Macau and Mainland China.
Our currency is caring, teamwork and progressiveness. We accept that everyone is unique and different in talent, but alike in the capacity for growth. Our task is to shape a culture that creates a sense of pride in achieving something beyond just a job, and an environment where you can be your true and authentic self, like at home.
Reporting to the Head of Technology Risk & Information Security, you will be responsible for providing information security recommendations and risk assessments; performing regular security assessments and penetration tests; governing outsourcing service providers; reviewing and updating security policies, guidelines and procedures; and promoting security awareness within the Group.
- Plan and design security architectures and implement different security solutions to safeguard the bank's network and system
- Develop technical requirements and controls for network, system and data security
- Provide technical guidance to systems and network team regarding security configurations
- Define appropriate framework for cybersecurity monitoring and implement cybersecurity control mechanisms which are consistent with the bank's risk strategy
- Manage information system security operations, including security operations performance
- Implement general IT risk and control mechanisms such as access controls and IT operations controls
- Detect, identify and monitor security vulnerabilities and make recommendations on remediation actions
- Act as a focal point for internal/external audit and regulator inspection on technology risk and information security matters
- Take up the project manager role on security-related projects
- University graduate in Computer Science / Information Technology or equivalent
- Minimum 10 years of relevant work experience in information security / cybersecurity
- Banking exposure is essential
- One or more certificates listed below:
  - ISC2 Certified Information Security Professional (CISSP)
  - ISACA Certified Information System Auditor (CISA)
  - ISACA Certified Information Security Manager (CISM)
  - ISC2 Certified Cloud Security Professional (CCSP)
Candidates with less experience will be considered for the Manager role.
- Solid experience in Microsoft Windows, AIX, Sun Solaris, Linux, Cisco routers and switches, F5 ASM/APM/LTM, Check Point firewall, Juniper firewall, Trend Micro Deep Security, Splunk, Forcepoint Web Security Gateway, and ForeScout Network Access Control
- Solid experience in Windows PowerShell, UNIX shell script and Python
- Solid experience in performing vulnerability scanning and penetration testing
- Strong information security sense in relation to business requirements
- Excellent command of written English
- Mature, independent and able to deliver quality results under tight schedules
- Good communication and interpersonal skills
Please note that only shortlisted candidates will be notified.