Responsibilities:
- To assist to establish a bank-wide Cybersecurity Security Framework
- Assists to develop and maintain Cybersecurity strategy and program to guard against security exposure and technology risk
- To optimizes the strategy and strengthen the practice for privileged ID support, key and eCert management
- To assists to develop a "red teaming" exercise to provide regular internal assessments
- To manage and perform regular vulnerability assessments / penetration testing for bank-wide applications and systems as per request
- Assist Cybersecurity Team Head on various cybersecurity related projects including defining project scope, resources allocation, scheduling and technical implementation.
- Assist Cybersecurity Team Head to develops & maintains information security standard & baseline, and ensure configuration compliance with established standard & baseline by conducting regular re-certification
- To maintain and improve the effectiveness and efficiency on security related BAUs, and ensure to comply with regulatory requirements
- Manage and maintain the performance of outsourcing security Vendor (e.g. SOC)
- Evaluates, recommends and manages the implementation of security solution including but not limited to BYOD, DLP, DDoS, Phishing, APT, Cloud, etc
- Reviews and comments IT infrastructure and application initiatives whether the design and architecture aligns with internal security policies and best practices
- Develops, implements and reviews security awareness tips, training and testing
- Advises Overseas branch with regards to IT security matters
Requirements:
- Degree holder in Information Technology or related discipline.
- Min 8 years' experience in IT and/or Information Security/Technology Risk Management in which at least 3 years in banking industry
- Knowledge on various platforms' operation system such as Windows, Unix, Linux.
- Know-how to detect, investigate and resolve Cyber attacks, and coordinate with law enforcement body or Cyber security protection alliance
- Familiar in penetration tests and provide relative remediation for findings.
- Familiar with network security products such as Firewall, Router, Switch, DDoS, IDS/IPS, Load-balancer, SSL VPN, End-point protection, DLP and APT solution.
