Vice President - IT Security

Location: Hong Kong
Job Type: Permanent
Industry: 零售和商業銀行
Reference: 34486_1683514802
Job Published: 2023年05月08日 11:00


  • To assist to establish a bank-wide Cybersecurity Security Framework
  • Assists to develop and maintain Cybersecurity strategy and program to guard against security exposure and technology risk
  • To optimizes the strategy and strengthen the practice for privileged ID support, key and eCert management
  • To assists to develop a "red teaming" exercise to provide regular internal assessments
  • To manage and perform regular vulnerability assessments / penetration testing for bank-wide applications and systems as per request
  • Assist Cybersecurity Team Head on various cybersecurity related projects including defining project scope, resources allocation, scheduling and technical implementation.
  • Assist Cybersecurity Team Head to develops & maintains information security standard & baseline, and ensure configuration compliance with established standard & baseline by conducting regular re-certification
  • To maintain and improve the effectiveness and efficiency on security related BAUs, and ensure to comply with regulatory requirements
  • Manage and maintain the performance of outsourcing security Vendor (e.g. SOC)
  • Evaluates, recommends and manages the implementation of security solution including but not limited to BYOD, DLP, DDoS, Phishing, APT, Cloud, etc
  • Reviews and comments IT infrastructure and application initiatives whether the design and architecture aligns with internal security policies and best practices
  • Develops, implements and reviews security awareness tips, training and testing
  • Advises Overseas branch with regards to IT security matters


  • Degree holder in Information Technology or related discipline.
  • Min 8 years' experience in IT and/or Information Security/Technology Risk Management in which at least 3 years in banking industry
  • Knowledge on various platforms' operation system such as Windows, Unix, Linux.
  • Know-how to detect, investigate and resolve Cyber attacks, and coordinate with law enforcement body or Cyber security protection alliance
  • Familiar in penetration tests and provide relative remediation for findings.
  • Familiar with network security products such as Firewall, Router, Switch, DDoS, IDS/IPS, Load-balancer, SSL VPN, End-point protection, DLP and APT solution.