• The local bank with a personal touch, growing with our customers in Hong Kong, Pearl River Delta and beyond

• To create value for our customers by providing quality products and excellent service
• To grow with our employees through mutual commitment
• To increase shareholder value through sustainable returns on capital

We are looking for a "Senior Manager, Technology Risk and Information Security" to complete all of the deliverable. The ideal candidate will have experience in :

• Plan and design security architectures
• Manage information system security operations
• University graduate in Computer Science, IT

• Reporting to the Head of Technology Risk & Information Security, you will be responsible for providing information security recommendations and risk assessments; performing regular security assessment and penetration test; governing outsourcing service provider; reviewing and updating Security policy, guidelines and procedures; and promoting security awareness within the Group.

• Plan and design security architectures and implement different security solutions to safeguard the bank’s network and system
• Develop technical requirements and controls for network, system and data security
• Provide technical guidance to systems and network team regarding security configurations
• Define appropriate framework for cybersecurity monitoring and implement cybersecurity control mechanisms which are consistent with the bank’s risk strategy
• Manage information system security operations, including security operations performance
• Implement general IT risk and control mechanism such as access controls, and IT operations controls
• Detect, identify and monitor security vulnerabilities and make recommendations on remediation actions
• Act as a focal point for internal/external audit and regulator inspection role over technology risk and information security matters
• Taking up the project manager roles on the security related projects.
• Requirements:
• University graduate in Computer Science / Information Technology or equivalent
• Minimum 10 years of relevant work experience in information security / cybersecurity

• - ISC2 Certified Information Security Professional (CISSP)
• - ISACA Certified Information System Auditor (CISA)
• - ISACA Certified Information Security Manager (CISM)
• - ISC2 Certified Cloud Security Professional (CCSP)
• Solid experience in Microsoft Windows, AIX, Sun Solaris, Linux, CISCO router and switch, F5 ASM/APM/LTM, Checkpoint firewall, Juniper firewall, Trend Micro Deep Security, Splunk, Forcepoint Web Security Gateway, and ForeScout Network Access Control
• Solid experience in Windows PowerShell, UNIX shell script and Python
• Solid experience in performing vulnerability scanning, and penetration test
• Strong information security sense in relation to business requirements
• Excellent command of written English
• Mature, independent and able to deliver quality results under tight schedule
• Good communication and interpersonal skills