Associate/Senior Associate/Manager – Cybersecurity_HK

Full-time

Posted 

Technical Skills

  • Accountancy
  • Analytics
  • Android
  • Apache Web Server
  • Audit
  • Change Management
  • COBIT
  • Event Management
  • Information Security
  • IT Audit
  • IT Governance
  • ITIL
  • Microsoft Access
  • Project Management
  • Risk Management
  • SAP
  • Statistics
  • Team Management
  • UNIX

Job Description

Associate/Senior Associate/Manager – Cybersecurity_HK

Location: Hong Kong

Job Description & Responsibilities

We are currently looking for individuals with strong cyber security, technology risk, IT strategy and governance background.

Key responsibilities include:
  • Designing and conducting cyber-attack simulation to evaluate the effectiveness of cyber defences across different technology layers, such as network, operating systems, applications, devices,and database and process. The sIn addition, such simulation would also cover “People” aspect such as evaluating their cybersecurity maturity and situational awareness;
  • Designing, assessing and implementing technology risk and cyberinformation security management framework, policies, standards, procedures and solutions such as Enterprise-wide Identity & Access Management (I&AM),  Privileged Access Management (PAM), Endpoitn Protection, Data Loss Prevention (DLP), and Security Information & Event Management (SIEM) / Security Operations Centre (SOC)Security Analytics & Intelligence, and other solutions; integrate 3rd party services such as Threat Intelligence and Managed Security Services; help our clients build / transform Security Operations Centers (SOC); etc. solutions, and Privileged Access Management (PAM) solutions, using NIST, ISO27001, ISO20000 and CoBIT as theand other internationally recognized cyberinformation security and IT service management standards;
  • Supporting project management or managing hands-on complex systems integration projects involving multiple vendors, team members and client staff;
  • Analyzing complex client server systems and multi-platform infrastructure and application systems (including operating system, database, web server, firewall and router, electronic trading / banking systems, etc.);
  • Providing assurance over the operations and approach of management service providers in any outsourcing of the IT function;
  • Establishing risk governance recommendations on emerging policies to support development of new procedures and methodologies to minimize risks;
  • Conveying pragmatic solutions to our client's complex business problems through the use of written reports and presentations;
  • Supervising, coaching, developing and leading teams and individual team members; and
  • You will be expected to take a consultativeant's approach to the attest / assurance process of a client's operations utilising our practice methodology to assess our client's operations.

Year of experience
 
Associate:                             1 year experience
Senior Associate:                 3 years experience
Manager:                               5 years experience


Requirements
  • University degree majoring in information security, information systems,  computer science, engineering, accounting, business administration, information systems, computer science, engineering, statistics;, accounting, and / or business administration;
  • Professional qualifications:  CISA, CISM, CISSP, CEH, CISP, GWAPT, OSCP, OSCE, GPEN, GXPN, or other security related qualifications (including certifications issued by CREST);
  • System design / implementation and / or security assessment / IT audit experience with a reputable professional / consulting firm or multi-national corporations; (Candidate with less years of experience will be considered for Senior Associate or Associate positions);
  • Practical experience and working knowledge in two or more of the following - business & system processes review, IT auditing, cyberinformation security management, IT / technology risk management, design and implementation of security solutions such as I&AM, DLP, PAM  and SIEM/SOC, network and system penetration testing, application security testing and code review;
  • Hands-on security operations, threat intelligence, incident response, malware reverse engineering and other related experience would be beneficial;
  • Familiar with security and control for technologies / enterprise applications: Unix, Windows, Firewall, Routers, SAP, Oracle, Hyperion and/ or evaluating and implementing cyberinformation security management, IT service management and IT governance framework using NIST, ISO27001, ISO20000, ITIL and COBIT respectively;
  • Strong fluency in information technology general controls concepts in the areas of systems development, change management, computer operations and access to programs and data; ability to identify and assess business process controls and linkage to IT systems;
  • Familiar with security and control for technologies: Unix, Windows, database, Firewall, Router, mobile technologies (e.g., iIOS, Android), etc.;
  • Excellent communication skills in both oral and written English and Chinese;
  • Flexible, self-starter possessing intellectual curiosity;
  • Ability to interact with executive levels of client and firm management;
  • Effective project management, interpersonal and influencing skills are essential; and
  • Flexibility to travel to out-of-town engagements.
Employment TypeFull-time
Education LevelBachelor
QualificationCertified Ethical Hacker (CEH), ITIL Practitioner Level
LanguageEnglish, Cantonese
PricewaterhouseCoopers (PWC)Accounting and Finance

22/F, Prince's Building Central, Hong Kong

directions_walk4 mins walk from Central Station