it auditor in hong kong

job type
HK$ 720,000 per year
apply now

job details

hong kong
job category
information technology
job type
working hours
HK$ 720,000 per year
reference number
apply now

job description

Job Summary

Working in conjunction with other professional colleagues and specialists, the Technology Risk Manager acts as an expert advisor to management concerning technology risks involving or affecting technology, and ensure that technology risks are appropriately measured and prioritized. He/She is expected to contribute to the development and implementation of technology risk management governance programmes and implementation of the security solutions and initiatives.

Job Responsibilities

Technical Risk Governance

  • Develop and manage security governance framework and risk portfolio, which follows the company’s IT control policies and guidelines
  • Define and establish operation processes for the management of identity’s life-cycle; user access and privileged ID usage, with the use of the state-of-the-art vendor solutions

Subject matter expert on technical solutions for IT security

  • Provide information security consulting and advisory services to IT departments and business units
  • Research and evaluate latest security landscape and emerging security technologies including enterprise mobility and cloud computing
  • Review IT initiatives on technology risk perspective and establish and implement remediating security controls

IT Security Operation and Control

  • Provide governance and support over security tools including but not limited identity and access management (I&AM), data loss protection (DLP), network security, end point protection and vulnerability management
  • Manage and coordinate cyber security assessments include vulnerability scanning, independent penetration test on IT infrastructure and applications
  • Work with IT operation to monitor and report suspicious activity
  • Support internal/external audit on compliance assessment and regulatory audit work
  • Manage and coordinate security incident response, handling and investigation process

Communication and Training & Awareness

  • Manage and communicate with regional offices, vendors and external parties on security matters
  • Promote cybersecurity and data protection awareness across the corporation

Job Requirements

  • Degree holder in Computer Science or Information Systems, or related discipline
  • At least 10 years of relevant experience in IT security or technology risk management, gained from other sizable multi-national banks and insurance companies
  • Solid understanding of IT security products and solutions. Knowledge of SailPoint IIQ and CyberArk is definitely an advantage
  • Familiar with security control and technical knowledge in areas such as: Identification and Authentication, Access Control, Cyber Defence, Infrastructure security, Application security, Cryptography and Data Loss Prevention, Compliance & Vulnerability Assessment, Incident Response & Forensics
  • Preferable to have at least one IT security certification -- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC)
  • Experience and practical knowledge on implementing information security frameworks or standards, such as ISO, SOC, COBIT, ITIL is an advantage
  • Knowledge of PCI-DSS and experience in handling with IT Audit will be advantage
  • Analytical and objective; able to elaborate on, characterize, assess and evaluate risks
  • Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative

If this sounds like something that interests you, please apply directly to this job ad below, or contact Michael Stroud at or at +852 2232 3464


audit, cyber defence, cyber security, security, data, network security, solutions, IT Audit, auditing, data loss prevention, risk management, technology risk, CISSP, CISA, CISM, CRISC