Responsibilities

• Provide updates and reports to the Department/Division Head on technology compliance, cybersecurity, and information security.
• Develop, review, and maintain policies, procedures, and guidelines, ensuring alignment with regulatory and law-enforcement requirements.
• Coordinate the unit’s participation in industry and regulator-led security drills.
• Support the Head in engaging with regulators and designated authorities.
• Manage incident reporting for IT, cybersecurity, and system-related events.
• Stay informed on emerging laws, regulations, and industry standards, identifying areas for improvement.
• Collaborate across departments to strengthen security controls and initiatives.
• Assist in conducting risk assessments, technical reviews, audits, and reporting on system security.
• Handle ad hoc projects and duties as required.

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field.
• At least 8 years of experience in information/cybersecurity or technology risk management.
• Strong knowledge of technology risk management, cybersecurity best practices, fintech, and data privacy.
• Familiarity with frameworks and standards such as ISO 27001, CSA STAR, HKMA SPM, and CFI 2.0.
• Preferred certifications: CISA, CISM, CDPSE, CRISC, CISSP, CEH, CCSP, CREST, or similar.
• Excellent teamwork, communication, and interpersonal skills.
• Practical experience with Red Team/Blue Team operations is highly desirable.
• Strong analytical and problem-solving abilities.
• Proficiency in English and Chinese, both written and spoken.