Dairy Farm International

Head of Information Security

Full Time
Lead (more than 10 years)
Bachelor
English

Job Description

Location: Quarry Bay 鰂魚涌

Dairy Farm is a leading pan-Asian retailer operating over 6,500 outlets and employing over 180,000 people across 11 countries. Dairy Farm's total annual sales exceeded US$17 billion, and it has a customer base of over 1 billion consumers across its highly diversified businesses. The Group operates supermarkets, health and beauty stores, convenience stores, home furnishings stores and restaurants under well-known brands ranging from Wellcome and Mannings to 7-Eleven and IKEA. With such a broad offering and wide geographic reach, we welcome applications from candidates with a passion for retail and a pioneering spirit to join our expanding team.

Head of Information Security

The incumbent is responsible for enabling a world-class information security ecosystem that balances the needs of our businesses to achieve their operational and customer requirements while reducing the level of risk to a minimum.

The Job

  • Define and recommend information security policies for approval by management
  • Build and manage information security awareness material and campaigns which will be disseminated to users and stores across the organization
  • Author, procure, and publish technical security standards for infrastructure and software, and manage the program(s) of development and compliance monitoring
  • Lead and manage the PCI-DSS regular ASV scan and annual external penetration test across the group
  • Lead the PCI-DSS compliance activities by monitoring performance and readiness at Business Unit level and supporting teams with advice. Report the compliance status and issues to management and major stakeholders
  • Work with local and overseas IT partners to research and identify tools to deploy, improve security compliance, and reduce risk for the organization
  • Lead the investigation of major security incidents, working with internal and external parties to identify the root cause and implement mitigation measures
  • Update management and major stakeholders on the latest information security trends, threats, and solutions
  • Lead information security assessments of new businesses and implement programs and activities to ensure the Group standard is met

 

The Person

  • A bachelor's degree in Computer Science or a related subject
  • Minimum 10 years of IT experience, including at least 5 years in security management and IT governance, preferably in a regional and shared services environment
  • Technical experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols
  • Current CISA, CISM, CISSP, or other security related qualifications are preferred
  • Practical experience and working knowledge in Information Security frameworks, audit principles, security administration processes, and metrics collection and reporting
  • Deep knowledge of Information Security best practice and a solid understanding of technologies including firewalls, VPNs, penetration testing, data loss prevention, disaster recovery, and other security solutions
  • Proven experience in formulating and executing IT governance and compliance initiatives
  • Excellent communication and interpersonal skills with the ability to effectively interact with a diverse group of IT staff located in multiple locations
  • Excellent verbal and written presentation skills in English

Professional Qualifications

  • Certified Information Security Manager (CISM)
  • Certified Information System Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)

Technical Skills

  • Audit
  • Compliance
  • Corporate Communications
  • Disaster Recovery Planning
  • Information Security
  • IT Governance