PricewaterhouseCoopers (PWC)

Associate/Sr Associate/Manager-Cybersecurity-RA-HK

PricewaterhouseCoopers (PWC)
Full Time
Junior (less than 3 years)
Bachelor
English, Mandarin (Putonghua)

Job Description

Associate/Sr Associate/Manager-Cybersecurity-RA-HK

Location: Hong Kong

Job Description:

We are currently looking for individuals with strong information security, technology risk, IT strategy and governance background. 


Key responsibilities include:
 
  • Designing, assessing and implementing technology risk and information security management framework, policies, standards, procedures and solutions such as Enterprise-wide Identity & Access Management (I&AM), Data Loss Prevention (DLP) and Security Information & Event Management (SIEM) solutions, using ISO27001, ISO20000 and CoBIT as the internationally recognised information security and IT service management standards;
  • Analysing complex client server systems and multi-platform infrastructure and application systems (including operating system, database, web server, firewall and router, electronic trading / banking systems, etc.);
  • Providing assurance over the operations and approach of management service providers in any outsourcing of the IT function;
  • Establishing risk governance recommendations on emerging policies to support development of new procedures and methodologies to minimise risks;
  • Conveying pragmatic solutions to our client's complex business problems through the use of written reports and presentations; and
  • Supervising, coaching, developing and leading teams and individual team members.
  • You will be expected to take a consultant's approach to the attest / assurance process of a client's operations utilising our practice methodology to assess our client's operations. 
 
Year of experience

 
Associate:                              1 year experience
Senior Associate:                  3 years experience
Manager:                               5 years experience

 

Requirements

  • University degree majoring in accounting, business administration, information systems, computer science, engineering, statistics, accounting, and / or business administration;
  • Professional qualifications:  CISA, CISM, CISSP, CEH, CISP or other security related qualifications;
  • System design / implementation and / or security assessment / IT audit experience with a reputable professional / consulting firm or multi-national corporations; (Candidate with less years of experience will be considered for Senior Associate or Associate positions);
  • Practical experience and working knowledge in two or more of the following - business & system processes review, IT auditing, information security management, IT / technology risk management, design and implementation of security solutions such as I&AM, DLP and SIEM, network and system penetration testing, application security testing and code review;
  • Familiar with security and control for technologies / enterprise applications: Unix, Windows, Firewall, Routers, SAP, Oracle, Hyperion and/ or evaluating and implementing information security management, IT service management and IT governance framework using ISO27001, ISO20000, ITIL and COBIT respectively;
  • Strong fluency in information technology general controls concepts in the areas of systems development, change management, computer operations and access to programs and data; ability to identify and assess business process controls and linkage to IT systems;
  • Familiar with security and control for technologies: Unix, Windows, database, Firewall, Router, mobile technologies (e.g., IOS, Android), etc.;
  • Excellent communication skills in both oral and written English and Chinese;
  • Flexible, self-starter possessing intellectual curiosity;
  • Ability to interact with executive levels of client and firm management;
  • Effective project management, interpersonal and influencing skills are essential; and
Flexibility to travel to out-of-town engagements. 

 

Requirements

  • University degree majoring in accounting, business administration, information systems, computer science, engineering, statistics, accounting, and / or business administration;
  • Professional qualifications:  CISA, CISM, CISSP, CEH, CISP or other security related qualifications;
  • System design / implementation and / or security assessment / IT audit experience with a reputable professional / consulting firm or multi-national corporations; (Candidate with less years of experience will be considered for Senior Associate or Associate positions);
  • Practical experience and working knowledge in two or more of the following - business & system processes review, IT auditing, information security management, IT / technology risk management, design and implementation of security solutions such as I&AM, DLP and SIEM, network and system penetration testing, application security testing and code review;
  • Familiar with security and control for technologies / enterprise applications: Unix, Windows, Firewall, Routers, SAP, Oracle, Hyperion and/ or evaluating and implementing information security management, IT service management and IT governance framework using ISO27001, ISO20000, ITIL and COBIT respectively;
  • Strong fluency in information technology general controls concepts in the areas of systems development, change management, computer operations and access to programs and data; ability to identify and assess business process controls and linkage to IT systems;
  • Familiar with security and control for technologies: Unix, Windows, database, Firewall, Router, mobile technologies (e.g., IOS, Android), etc.;
  • Excellent communication skills in both oral and written English and Chinese;
  • Flexible, self-starter possessing intellectual curiosity;
  • Ability to interact with executive levels of client and firm management;
  • Effective project management, interpersonal and influencing skills are essential; and
Flexibility to travel to out-of-town engagements. 

Professional Qualifications

  • Certified Information Security Manager (CISM)
  • Certified Information System Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)

Technical Skills

  • Android
  • Apple iOS
  • Change Management
  • COBIT
  • Graphic Design
  • Information Technology Infrastructure Library (ITIL)
  • IT Audit
  • Oracle Database
  • Project Management
  • Risk Management
  • SAP
  • UNIX