Manager, Technology Risk

  • Competitive
  • Hong Kong
  • Permanent, Full-time
  • Dah Sing Financial Group
  • 23 Mar 19



  • Design, develop and update information security policies, standards and guidelines.

  • Research security standards, security systems and authentication protocols.

  • Perform risk analyses on existing security infrastructure and implement security enhancements.

  • Implement systems and procedures to enable digital forensics capabilities.

  • Develop technical requirements and controls for network, system and data security.

  • Provide technical guidance to systems and network team regarding security configurations.

  • Participate in developing, tuning and implementing threat detection analytics.

  • Apply processes to ensure that IT operational and control risks remain at an acceptable level, within the risk thresholds of the bank, by evaluating the adequacy of risk management controls.

  • Assist in communicating the risk management standards, policies and procedures to stakeholders.

  • Analyze and report to management, and investigate any non-compliance with risk management policies and protocols.

  • Define appropriate framework for cybersecurity monitoring (including monitoring requirements, indicators, datasets, collection and analytical methods).

  • Analyze cybersecurity incidents and make recommendations on remediation actions.

  • Collect data on cybersecurity related risk, attacks, breaches and incidents, including external data and statistics as appropriate.

  • Investigate security incidents by gathering evidence and reviewing system logs / audit trails.

  • Participate in the project team developing a new system for the bank. Provide solutions and advice on the security of the system, network and IT infrastructure.

  • Prepare and conduct security awareness training for the bank.

  • Conduct regular security assessments of the system, network and IT infrastructure used by the bank.

  • Play a governance role over the IT outsourcing service provider. Perform regular security assessments of the IT outsourcing service provider.

  • Minimum 5 years of relevant work experience in information security / cybersecurity.
  • University graduate in Computer Science / Information Technology or equivalent.
  • One or more certificates listed below:
    • ISC2 Certified Information Security Professional (CISSP)
    • ISACA Certified Information System Auditor (CISA)
    • ISACA Certified Information Security Manager (CISM)
    • ISC2 Certified Cloud Security Professional (CCSP)
    • HKIB Associate Cybersecurity Professional (ACsP)
    • CCASP Practitioner Security Analyst (CPSA)
  • Experience in Microsoft Windows, AIX, Sun Solaris, Linux, Cisco routers and switches, F5 ASM/APM/LTM, Checkpoint firewall, Juniper firewall, Trend Micro Deep Security, Splunk, Forcepoint Web Security Gateway and ForeScout Network Access Control.
  • Solid experience in Thales payShield HSM and nShield HSM
  • Solid experience in performing vulnerability scanning, penetration testing and technology risk assessment
  • In-depth knowledge of the security controls of client-server technology, web applications (using HTML, Java, Ajax, and .NET) and databases (such as Oracle, DB/2, MS-SQL and Sybase)
  • Familiar with the Supervisory Policy Manual of HKMA, Personal Data Privacy Ordinance, PCI Data Security Standard, and Customer Security Controls Framework of SWIFT and SFC guidelines
  • Familiar with Public Key Infrastructure (PKI) and ANSI X9.17 Key Management Standard
  • Banking experience is an advantage
  • Strong information security sense in relation to business requirements
  • Excellent command of written English
  • Mature, independent and able to deliver quality results under tight schedules
  • Good communication and interpersonal skills

Please note that only shortlisted candidates will be notified.