Security Manager

The Job 

• Monitor internal/external compliance reviews activities and follow up on deficiencies identified and ensure remediation steps have been taken
• Perform control and vulnerability assessments to identify gaps and weaknesses. Assist in compliance monitoring and recommend remediation actions
• Provide oversight into vulnerability scanning results to ensure timely remediation actions
• Develop appropriate metrics for reporting to track exceptions and remediation process
• Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance cases if any
• Provide an advisory role for IT stakeholders to assess security requirements and control; enforce security control policies as planned
• Assist in development of security guidelines, standards and related processes
• Collaborate with internal or external parties to conduct necessary assessments such as penetration tests, compliance reviews, third-party vendor assessments, and audits. Follow through on findings and recommendations to close out identified gaps.
• Develop and validate baseline security configurations for operating systems, applications, networking and telecommunications equipment
• Research and assess new threats and security alerts, and provide recommendations on solutions
• Assist to build/review/monitor the IT security architecture for the Company infrastructure and business application environment
• Promote IT risk awareness to internal stakeholders 

The Person 

• Degree holder in IT, Computer Science or related disciplines
• Minimum 10 years’ experience in IT industries with at least 5 years in security related role
• Solid experience on information security management framework such as ISO 27001, BS7799
• Certification in Information Security disciplines such as CEH, CISM, CISA or CISSP preferred
• Knowledge of Information Security best practices, such as PCI DSS or Secure SDLC is an advantage
• Hands-on experience of vulnerability management and/or penetration testing
• Previous experience in full stack security solution implementation such as EDR, Firewall, SIEM, incident response, or governance, risk, and compliance (GRC) is highly desirable
• Strong project management and execution experience
• Self-motivated and able to work independently
• Good problem solving, analytical, communication and interpersonal skills
• Good command of written and spoken English and Chinese
• Candidate with less experience will be considered for Senior Security Specialist position