Job No.: 494307 Employment Type: Full time Departments: Information Technology Department Job Functions: Information Technology, Risk Management
Roles and Responsibilities
Assist in reviewing IT initiatives and provide advisory from technology risk perspectives
Assist to establish and review policies, guidelines, procedures in application security area
Provide advisory and practical guidance to support technology risk and information security assessments, include vulnerability scanning, penetration test etc.
Conduct regular assessment on application security
Familiar with security testing tools e.g. Fortify, AppScan and Nessus, technologies on DevSecOps and industry good practice OWASP is preferable
Provide Cyber Security incident response operation and support.
Experience in OSINT, malware analysis and digital forensics.
Research and evaluate on latest security threats and Cyber Threat Intelligence.
Participate in Red & Purple Teaming exercises.
Familiar with technologies on Firewall, IDS, IPS, SIEM, SOAR and Network/Cloud Infrastructure is preferable.
Research and evaluate latest trend & technologies on information security and fintech area, such as FinTech, Artificial Intelligence, Big Data, Cloud Computing etc
Conduct regular assessment on data center security
Assist in planning of technology related risk management strategies, processes and work plans.
Provide staff awareness training on cyber security
Establish security dashboard with key risk indicators
Conduct HKMA assessment (e.g. C-RAF)
Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
Over 2 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
Holding at least one recognized professional qualification under HKMA enhanced competency framework such as CISA, CISSP, CRISC is preferable.
Familiar with HKMA TM-E-1, PCI-DSS, ISO 2700-series or other security risk management framework is an advantage
Good command of written and spoken English with Mandarin is preferable
Good communication and interpersonal skills
We offer competitive remuneration package and comprehensive fringe benefits including medical and life insurance, and different types of allowances to the right candidate. Interested parties, please submit your application online. For details, please visit our website http://www.bochk.com
Data collected would be used for recruitment purposes only. It might also be disclosed to our subsidiaries or Associated Companies to process the information for appointment. Applicants who do not hear from us within 8 weeks may consider their application unsuccessful and their data will be destroyed within 12 months of receipt.