Our client is a US listed global real estate servicing company. They are now recruiting a Manager of IT Risk & Security to join the team. Reporting to the Head of IT and leading a team, the ideal candidate for the role would be tasked with defining IT risk framework and incident management.
The responsibilities this position will cover:
- Direct the design, implementation and governance of IT security standard, security policy & guidelines and best practices
- Research the latest security trends and stay on top of threat intelligence and provide recommend security enhancements to IT management
- Conduct group security risk assessment and compliance check on regular basis
- Be the point of contact for all matters relating to information assurance and security
- Support and coordinate the execution of IT audit
- Implement security tools including end-point protection, security awareness, email protection, advanced threat protection, network and mobile security, privileged account management, etc
- Collaborate with infrastructure team on the installation and configuration of infrastructure equipment (e.g., firewalls, end points)
- Oversee group security event detection and guard against cybersecurity attack and protect sensitive information
- Lead the security operations team, including managed SOC, to effectively monitor, detect and investigate security incidents/events
- Own the Cybersecurity Awareness Program to regularly organize employee security training and carry out phishing test
- Ensure security vendors' performance meet with agreed standards
The ideal traits that the candidate would possess:
- Diploma holder or above in Computer Science or related disciplines
- Minimum 8 years' experience in information security and risk management with management background being preferred
- Possession of security qualification (e.g. CISSP, CISM, CISA, CEH, ... etc.) is required
- Proven track record working with IT audits with good knowledge on ISO27001 standards and experience on designing and implementing security standard, policy and guidelines
- Technically proficient with security monitoring, protection and automation products such as SIEM, UBA, PAM, CASB and SO Automation tools
- Good knowledge on security infrastructure (e.g. Privileges ID management, Endpoint security, Firewall, PIM, IPS, DLP, APT and WAF)
- Up-to-dated knowledge of technical security controls in a modern IT environment including private cloud, Microsoft Azure, Office 365 and Amazon Web Services
- Fluent communication, both written and spoken, in English and Chinese
To apply online, please click the 'Apply' button below. For a confidential discussion about this role please contact Kelvin Lau at kelvin.lau@peoplebank.asia or +852 2833 4138.
