Information and Technology Security Management Manager | 人才服务办公室

职位描述

Accumulating over 70 years experience on our solid foundation in Hong Kong and Greater China, we succeed and create our brilliant story throughout the region. As the first foreign bank branch in Mainland, we grasp the opportunity to grow along with the economic reforms. With our well-versed China business intelligence, we continue to expand our network proactively but prudently.

Inheriting our “People Focus” tradition, we strongly believe in the philosophy of talent investment. Here, we respect your career development with enormous support and room for inspiration. If you are ready to go for great, join us today. You can shine with your own glorious story.

Your talent is our treasure, come to explore your potential with us.

The scope of work:

1. Assist superiors in drafting and maintaining information security and related management measures;

2. Assess the information security risks of new projects, the impact on banks and propose mitigation measures;

3. Follow up special information security cases and report progress regularly;

4. Ensure that all work complies with laws and regulations, bank risk management policies and the codes and guidelines of relevant regulatory agencies;

5. Regularly provide information based on the IT accident history database to assist the wind management team in drafting comprehensive technology risk and compliance reports, and overall assess the risk level of various IT accidents and non-compliance situations;

6. Practices for implementing a cyber defense plan that is consistent with the Group and complies with the requirements of the Hong Kong Monetary Authority;

7. Responsible for daily information security operation and maintenance, including security event monitoring, account authority management, security vulnerability management, and other regular information security work, such as:

i. Computer operation accounts and authorization applications for newly recruited, transferred or resigned employees;

ii. Assist in coordinating computer user/authorization annual inspections, including launching self-inspections, monitoring, random inspections, and collecting reports;

iii. Handle suspicious outgoing emails blocked by "Data Loss Prevention (DLP)" and manage the DLP exception list;

iv. Collect and identify the list of suppliers related to information security and technological risks, and assist the first line of defense (supplier responsible/coordinating unit) to complete the supplier self-examination questionnaire and on-site inspection;

v. Coordinate internal or external audits of materials related to information security;

vi. Initiate regular information security checks, such as desktop cleaning, important client programs, use of removable storage devices, and phishing email testing;

8. Complete other tasks assigned by superiors.

Education/Professional:

1. University degree or above

2. Must hold information security professional qualifications recognized by the Hong Kong Monetary Authority（such as CISSP / CISM / CISA）

Work experience:

• Working experience in banking, IT or information security;
• 2 or more years of practical experience in directly operating security tools and setting security rules;
• Participated in writing information system security or technology risk management in policies, procedures and standards.

If you are flexible enough and zeal for a harmonious and supportive working environment where enables you to grow and succeed professionally, please send a full resume indicating your public examination results (HKCEE and HKALE / HKDSE), your present and expected salary and quoting reference number attention to Talent Acquisition Division, Nanyang Commercial Bank, 151 Des Voeux Road Central, Hong Kong or apply through email. For details, please visit https://www.ncb.com.hk/ and select the page Recruit.

We are an Equal Opportunities Employer. Data collected would be used for recruitment purposes only. Applicants who do not hear from us within 8 weeks may consider their applications unsuccessful and their data will be destroyed within 12 months of receipt.