Responsibilities

This role is responsible for the information security protection and management of the IT environment of the HKSTP, ensuring the availability, integrity and confidentiality of network infrastructure, application system and data. He/she will work with internal and external parties, including the IT outsourcing team, to identify risks, develop security measures to mitigate the risks, manage various security technologies, and raise user awareness on security best practices.

• Develop and enforce IT securities policies, procedures, and standards
• Coordinate with internal and external auditors to perform information system audits
• Work with outsourcing vendor to provide on-going support to security monitoring, SIEM tuning, security incident response, and investigation
• Arrange user training and activities to raise the IT security awareness
• Undertake risk assessments of new and existing systems to ensure security
• Work with various parties to identify solutions for security risks identified
• Provide security expertise on a variety of security enhancements and initiatives (e.g., SIEM tuning, DLP, egress filtering, virtual network segmentation, next-gen firewall, web application firewall, etc.).
• Remain current on technical developments and evolving threat landscape and advise management on counter measures
• Identifying vulnerabilities in our current systems and provide solutions.
• Work closely with outsourcing vendor to follow up and close the vulnerabilities.
• Keeping up to date with developments in IT security standards and threats.
• Performing penetration tests to find any flaws.
• Collaborating with management and the IT department to improve security.
• Documenting any security breaches and assessing their damage.
• Educating colleagues about security software and best practices for information security.
• Continuously updating the incident response, disaster recovery plans, and business continuity plans.
• Perform other duties as assigned by supervisor
  
  

Requirements

• Bachelor degree in IT, Computer Science or technology related discipline
• A minimum of 5 years of IT experience with 3 years in IT security in sizable enterprises. Candidates with less experienced will be considered as Assistant Manager, Information Security
• Ability to educate a non-technical audience about various security measures.
• CISSP, CISA, CISM or ITIL Fundamental Certification would be an advantage
• Proven on-going support and operational experience in an IT security monitoring, SIEM tuning, security program development
• Extensive knowledge of cybersecurity, SIEM, ISO27001, DLP, next-gen firewall, web application firewall and specific technologies like splunk, Appspider, Tenable, etc.
• Professional level business Chinese and English is a must, both written and verbal.

[This position is open for referral by Recruitment agencies. The profile should be sent to our HR email address agencycv@hkstp.org.]

We offer market competitive compensation, 5-day work week and generous benefits including medical and life insurance. To apply, please send your full resume with current and expected salary to the Human Resources & Office Administration Department, Hong Kong Science and Technology Parks Corporation, 5/F, Building 5E, 5 Science Park East Avenue, Hong Kong Science Park, Hong Kong or, by clicking 立即申請 on or before 31 August 2020. Please quote the reference number on the email subject/envelope and the application letter.

Personal data provided will be treated in strict confidence and used for recruitment purpose only. All personal data collected will be used strictly in accordance with employer’s personal data policies, you can access to HKSTP’s Personal Information Collection Statement at https://www.hkstp.org/hkstp_web/en/hkstp/personal-information-collection-statement-recruitment

Applicants not invited for interview within four weeks after application deadline may consider their applications unsuccessful. Personal data of unsuccessful applicants will be retained for a maximum of two years.

www.hkstp.org