Insurer - CISO

Posted 07 March 2023
Salary HKD1600000 - HKD1800000 per annum
Location Kwun Tong
Job type Permanent
Discipline Cyber Security
Contact Name Nicholas Ng

Job description

  • Take the lead and drive the incident response process and drill
  • Lead subordinate(s) in following up on all security-related issues in day-to-day operations, and recommend security projects and enhancements where appropriate
  • Monitor daily security issues and ensure information security exposures are identified and addressed. Promptly report potential risks and incidents to management
  • Evaluate, introduce, implement and monitor new information security solutions to protect the company's networks, systems and data, including contingency plans for system security services
  • Ensure all Information Security-related documentation (e.g. Security Policy) is completed on time, is of good quality and is up to date at all times. Ensure the corresponding procedures are strictly adhered to by all staff
  • Coordinate with HR to introduce the IT Security Policy to new staff in the Orientation Program, and arrange security awareness programs where necessary
  • Ensure the services from external service providers and hardware/software vendors on information security-related projects are prompt and of high quality
  • Ensure all periodic reports on information security issues are generated for IT management on time
  • Responsible for budget recommendations on security software and equipment and their maintenance costs
  • Assist in negotiating hardware/software acquisition for information security-related projects in the best possible way
  • Responsible for ensuring user support and training are organized where appropriate
  • Perform ad hoc projects as assigned by the supervisor

  • University or Polytechnic graduate or equivalent, with a major in Computer science / studies
  • At least 3 years of experience in People Management
  • Minimum 10 years of experience in leading IT functions, of which at least 6 years in information security, preferably in the financial services industry
  • Professional designation in Information Security (e.g. CISSP, CISA or CISM) is required
  • Hands-on experience in managing information security projects and solutions
  • Knowledge of industry best practices such as ISO27001, COBIT and NIST CSF is an advantage