Responsibilities:

• Provide advisory and recommendation from risk perspective
• Assist to define security architecture for the organization infrastructure and application
• Research and evaluate on latest security threats and technology solutions, such as Cloud, Big Data, Social Networking and Mobility
• Assist to establish and implement the assessment on outsourcing/third party security control
• Assist to establish and maintain security standards and guidelines with focus on application and network security
• Assist in establishing security baseline for key IT processes
• Plan, coordinate and drive IT security program to enhance secure posture assessment for critical information systems
• Proactively work with vendors to understand the up-to-date related technology for the possible Company implementation feasibility
• Assist to establish review processes on information security operation
• Work with the IT operation partners to monitor any system and network security threat and to apply quick remediation action
• Assist to build and manage computer security incident response program
• Assist to manage compliance measurement of security patch compliance for corporate infrastructure
• Assist to manage independent penetration test for the corporate infrastructure
• Assist in reviewing IT initiatives from technology risk perspectives
• Report findings on security inefficiencies and provide recommendation for improvement
• Assist in planning of technology related risk management strategies, processes and work plans
• Assist to establish security dashboard with key risk indicators

Requirements:

• Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline
• Over 2 years of experience in IT security, technology risk, risk management, compliance or IT audit function, gained from other sizable financial institutions
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM) or Certified Internal Auditors (CIA) preferable
• Sound knowledge of network security or platform security
• Good command of written and spoken English with Mandarin is preferable
• Good communication and interpersonal skills
• Independent and strong self-initiative