Qualifications
Education
- Bachelor degree or above in Computer Science, Engineering, or related field.
Certification
- Information Security and/or Information Technology industry certification (CISSP, CISM, ISO 27001 or equivalent) strongly preferred
Overall work experience in the field
- Experience in information security > 5 years
- Knowledge of security management, risk management and governance framework, network security
- Experience in security risk assessment, and audit remediation follow-ups
- Sound knowledge and hands-on experience in various security technologies and tools (e.g. Qualys, SEPM, etc.)
- Experience in vulnerabilities and patch / remediation management
- Experience in security assessment and audit remediation management
- Background in networks and/or systems management is preferred but not essential
- Experience in preparing security process documents
- Background in security incident response and management
Skills / abilities
- Cross cultural sensitivity, flexibility
- Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively
- Good interpersonal and communication skills, works effectively as a team player
- Good analytical skills
- Proficient in English and preferably Cantonese
Duties
- Drive regional threats and vulnerability management (Initiate actions for critical VaIT advisories / alerts) and remediation tracking
- Responsible for providing highly technical specialist advice and expertise to the Regional Information Security head
- Engage with business to acquire security requirements
- Support the Regional Information Security Head in conducting reviews of regions' current security posture and compliance to ATS Information Security Policies and compliance.
- Prepare and present status reports, monthly dashboards for business entities in the region.
- Support Regional Information Security Head to respond to security queries in the region
- Provide regional security assurance activities (e.g. AV, IPS, SIEM, patching, DLP) and support central assurance initiatives, and provide relevant follow-ups.
- Support and coordinate regional incident management activity where needed
- Ensure correct execution of security incident management processes
- Identify any incident/request that requires increased focus and actions necessary to meet committed service levels
- Conduct information risk Assessments for new projects when required
- Initiate re-certifications on privilege accounts
- Firewall rules change approvals
- Other workflow approvals such as privilege access, enabling of URLs, software authorisation
Interested parties please send your resume to alice.tong@peoplebank.asia or contact Alice TONG by 2819-2981.