Senior Manager – Information Security
— Information Technology
Responsibilities
- Serve as the Group Information Security champion and oversee the design, implementation, and governance of information security standards, policies, and best practices, provide recommendations for security enhancements to IT management
- Stay updated on the latest information technology security trends and threat intelligence
- Manage the implementation and utilization of security tools such as endpoint protection, email protection, advanced threat protection, network security, mobile security, privileged account management, security awareness etc.
- Direct the installation and configuration of infrastructure equipment like firewalls and endpoints to safeguard against cybersecurity attacks and protect sensitive information
- Conduct and manage security risk assessments and compliance checks regularly
- Act as the main point of contact for internal and external parties regarding information assurance and security, support and coordinate the execution of external and internal IT audit
- Lead the Information Security Operations Team, including a managed Security Operations Center (SOC), to monitor, detect, and investigate security incidents 24/7
- Coordinate closely with the Infrastructure & Operations team for incident management on a 24/7 basis
- Manage the Cybersecurity Awareness Program, including organizing employee security training including class room training and conducting phishing tests
Requirements
- University Degree in Computer Science or related disciplines
- At least 15 years experience in Information Security and Infrastructure, preferably in InfoSec or Security Operation environment
- Holder of security certificates (e.g. CISSP, CISM, CISA, CEH, … etc.) is a must
- Holder of ISO 27001:2013 certification is highly desirable
- First-hand knowledge and proven experience with security monitoring, protection and automation products such as SIEM, UBA, PAM, CASB and SO Automation tools
- Hands-on experience with security infrastructure (e.g. Privileges ID management, Endpoint security, Firewall, PIM, IPS, DLP, APT and WAF) and web technologies (e.g. HTTP and .Net)
- Up-to-dated knowledge of technical security controls in a modern IT environment including private cloud, Microsoft Azure, Office 365 and Amazon Web Services
- Proven experience in designing and implementing security standard, policy and guidelines
- Experience of writing and introducing effective information security and compliance policies/guidelines
- Proven track record of leading in-house security operations team to perform incident management for security incidents and events including lessons learned
- Highly self-motivated and able to work under pressure
- Strong vendor management skill
- Good Interpersonal and Communication skills
- Customer focused and influential, with a strong desire to drive results
How to apply
- By e-mail: hr@nanfung.com
- By mail: The Human Resources Manager, Nan Fung Development Limited, 17/F., AIRSIDE, 2 Concorde Road, Kai Tak, Hong Kong
Remarks: You are required to click on the link below and read our Personal Information Collection Statement Pertaining to Recruitment carefully before you submit your application: www.nanfung.com/sc/pics/.