Senior Manager/ AM/ Analyst, IT security
Location : Central and Western District
Post Date : 15 September 2017
- Work in the IT Infrastructure team with main focus on information security;
- Act as an internal expert and adviser for all IT security matters to other IT teams;
- Design and implement information security projects including APT solution, SIEM, security training, vulnerability and patch management, privilege account management, NAC, UEBA, WAF, NG firewall, IPS, DLP, secured web proxy, DR site, anti-virus and anti-malware, VPN…etc. and administer and maintain and support the above platforms and solutions upon completion of implementation.
- Lead and handle information security requests, incidents or breaches day to day. Proactively follow through and provide support to the case, mitigation and recovery, investigation, reporting and improvement in the future;
- Establish and enrich IT security policies, standards, procedures and guidelines with up-to-date industry standard. Review and identify IT security risk and recommend improvement resolution;
- Develop and enrich security breach contingency plan document. Lead and execute drills as according to the plan regularly;
- Plan, coordinate and conduct IT security audit, regular security assessment and penetration test solely or with external parties. Prepare the result and provide recommendation for the test results.
- Plan, coordinate and conduct regular employee security training;
- Research on new information security technology and perform product evaluation with vendors.
- Provide day-to-day maintenance and support on general infrastructure areas as well.
- Bachelor degree in Information Security, Information Technology, Computer Science or related disciplines;
- Minimum 4 years practical experience in IT security such as in-house IT security officer, SOC analyst/operator or IT security consultant companies.
- IT security certification holder such as CISSP or equivalent is a must;
- Hand on experience in IT security project management, emergency mitigation and IT security assessment is preferable;
- Working experience in financial sector is an added advantage;
- Sound knowledge of Splunk Enterprise Security is an added advantage;
- Knowledge in the IT security industrial standard such as ISO27001 is an advantage;
- Knowledge of Information Security best practices, such as PCIDSS or Secure SDLC is an advantage;
- Exposure to different IT security vendor products.
- Proficient level of familiarity with infrastructure administration e.g. firewall, IPS, VPN, APT
To apply online (Word attachment only), please click the 'Apply' button. Please note that only short-listed candidates will be contacted.
41 Connaught Road,