Responsibilities

• Defining and documenting security architecture framework as required within guidelines set by the organization’s Enterprise Architects or Technology General Management.
• Maintain understanding and design solutions in line with Monetary Authority and Compliance frameworks across the Asia Pacific Region.
• Providing technical documentation and planning advice to IT management in relation to their needs, current system performance and required solutions and technology strategy.
• Work with a range of teams to ensure remediation actions, including patching and configuration changes, are implemented according to agreed timeframes
• Direct involvement with all IT projects to ensure they align to security architecture principles and while assessing technology associated risks.
• Working with key Infrastructure and application personnel to provide or assist in technical planning advice in relation to their needs, including up front analysis of needs and hardware/software recommendations.
• Evaluating the potential of new products to enhance or supersede existing security architecture, working with the relevant technical resources.
• Provide technical advice and coordination on the implementation of security systems and on security risks associated with ICT systems
• Develop and improve operational procedures and processes for security infrastructure
• Provide information security incident management and incident response support, security awareness and training across the local and regional sites as appropriate.
• Represent the business during onsite information security audits and assessments
• Work with IT and business representatives to ensure continuous improvement of the ISMS and to achieve annual ISO 27001 certification, including conducting Vendor Management and third party security assessments
• Perform other related duties as assigned.

Requirements

• Tertiary qualifications in Software Engineering, IT or a related discipline is highly desired.
• Technology Certifications such as CISSP, CISM, CISA, SABSA, GIAC would be highly desirable.
• Excellent stakeholder management skills.
• Strong customer focus
• Effective written and verbal communication skills
• Minimum of 8 year’s working experience in Information technology with at least 3 years in a security architect or senior security analyst role.
• Demonstrated experience working within ISO27001 and compliance frameworks e.g HKMA, MAS.

Benefits

Five-day work week, Free shuttle bus, Medical insurance, Performance bonus

*** Permanent Hong Kong Resident is preferred. More details at https://askit.com.hk/jobs/it-security-and-compliance-analyst/ ***