IT Cybersecurity Manager
PCCW
full-time
Posted on:
Location Type: Office
Location: Hong Kong • 🇭🇰 Hong Kong
Visit company websiteJob Level
SeniorLead
Tech Stack
SDLC
About the role
- Monitor internal/external compliance reviews activities and follow up on deficiencies identified and ensure remediation steps have been taken
- Perform control and vulnerability assessments to identify gaps and weaknesses.
- Assist in compliance monitoring and recommend remediation actions
- Provide oversight into vulnerability scanning results to ensure timely remediation actions
- Develop appropriate metrics for reporting to track exceptions and remediation process
- Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance cases if any
- Provide an advisory role for IT stakeholders to assess security requirements and control; enforce security control policies as planned
- Assist in development of security guidelines, standards and related processes
- Collaborate with internal or external parties to conduct necessary assessments such as penetration tests, compliance reviews, third-party vendor assessments, and audits.
- Follow through on findings and recommendations to close out identified gaps.
- Develop and validate baseline security configurations for operating systems, applications, networking and telecommunications equipment
- Research and assess new threats and security alerts, and provide recommendations on solutions
- Assist to build/review/monitor the IT security architecture for the Company infrastructure and business application environment
- Promote IT risk awareness to internal stakeholders
Requirements
- Degree holder in IT, Computer Science or related disciplines
- Minimum 10 years’ experience in IT industries with at least 5 years in security related role
- Solid experience on information security management framework such as ISO 27001, BS7799
- Certification in Information Security disciplines such as CEH, CISM, CISA or CISSP preferred
- Knowledge of Information Security best practices, such as PCI DSS or Secure SDLC is an advantage
- Hands-on experience of vulnerability management and/or penetration testing
- Previous experience in full stack security solution implementation such as EDR, Firewall, SIEM, incident response, or governance, risk, and compliance (GRC) is highly desirable
- Strong project management and execution experience
- Self-motivated and able to work independently
- Good problem solving, analytical, communication and interpersonal skills
- Good command of written and spoken English and Chinese.
- Candidate with less experience will be considered for Senior Security Specialist position
Benefits
- Health insurance
- Flexible working hours
- Professional development opportunities
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
vulnerability managementpenetration testinginformation security management frameworkISO 27001BS7799EDRFirewallSIEMincident responsegovernance, risk, and compliance (GRC)
Soft skills
project managementproblem solvinganalytical skillscommunication skillsinterpersonal skillsself-motivatedindependent work
Certifications
CEHCISMCISACISSP