My client is a huge firm in Hong Kong and they are looking for a candidate to join their growing Cyber Security team as Technical Manager - Information Security.
Job nature: Permanent, full time
If this sounds like you, then either apply here or reach me directly at email@example.com
- Work with assigned Project Manager and Tech Lead to ensure security is built into solutions from the start of the project. To recommend, evaluate and implement IS controls and technical capabilities, ensuring initiatives get completed on time and budget.
- Support the process of selecting and reviewing of information security solutions.
- Conduct technical studies, and provide technical recommendations in design, development and system integration. Implement assigned security initiatives and prepare necessary documentation in order to ensure compliance to the project development lifecycle and getting endorsement from IT governance board and technical groups.
- Support the implementation of the security training awareness program within the organization.
- Make decision and solve technical problems to provide an efficient environment for project implementation.
- Support the Risk Team in performing information security risk assessment and be the technical advisory for assigned project areas to ensure compliance to company's Info. Sec. policy, standards and practices, as well as mitigation of all identified risks.
- Provide technical support in security log, feeds and raw source into SIEM for data security analytics.
- Enable dashboards for monitoring security information for the management and Cyber Security Operations team, to be able to provide various degree of visibility both real-time and over extended periods of the security events within the environment.
- Support in compiling and producing reports on monthly issues and trends for the enhancement of the functions of the Enterprise Security and Support management.
- Recommend and execute ideas to improve processes based on lessons learnt over time in performing assigned duties.
- Carry out other enterprise security and support duties that may be assigned by management.
- A university degree with strong technical background, particularly in Information Technology, Information Security, application security/development and/or networking.
- Experience working in technical IT roles, with at least 3 years' pure hands-on experience in enterprise security infrastructure, IS risk assessments or testing.
- A CISSP, GIAC, CEH or equivalent certification will be advantageous.
- Good knowledge of various database types and technologies, in particular Oracle and MSQL databases,
- Deep understanding of database encryption technologies, database proxies, secure protocols etc.
- Deep understanding of security threats with respect to SQL injection attacks, virtual private databases and database auditing, searchable encryption,
- Able to implement security solutions such as Demisto, Splunk, ELK, Carbon Black, Darktrace, ALSID and/or Tufin.
- Good design and solution knowledge of Certificate Authority and PKI infrastructure and operations.
- Vendor engagement in designing e-Learning security awareness content and programme driver.
- Knowledge of incident response methodologies, security issues, vulnerabilities, exploits and security standards that may impact information security.
- Hands-on experiences to PC endpoint whitelisting, Web Isolation and/or MSS handling.
- Good working knowledge of various flavours of Windows and Linux, OS configuration, file system structures, OS components, mobile operating systems, etc.
- Strong understanding of security principles, policies, and industry best practices.
- Good knowledge and experience of Database Security, Data Protection, Database Encryption technologies, Data Flow Mapping etc.
- Experience in implementing cyber security controls and/or compliance systems relevant to Governance, Risk and Compliance platforms, Data Loss Prevention, Threat Intelligence and/or Firewall Management.
- Experience in third party assurance and vendor engagement
- Experience in secure network infrastructure, Anti-DDoS, NG Firewall, IDS/IPS, WAF, Secure MTA, Load Balancer, Internet Proxy, as well as DNS hosting.
- Networking knowledge of networking essentials, architecture, ports, and protocols, wireless, etc.
- Promote security awareness and adoption of security standards and practices to staff members.
Package: 1 Mil + bonus + benefits