Head of Cybersecurity | 人才服務辦公室

職位描述

The applicant must possess

1. a recognised degree in Computer Science / Information Technology, or a related disciplines. With a master's degree and/or with professional certificates (such as CISSP, CISA, CISM, or CEH) is preferred;
2. a minimum of 12 years’ post-qualification work experience in cybersecurity, including a minimum of 5 years in a leadership role;
3. strong knowledge of cybersecurity principles, standards, and best practices;
4. proven experience in maintaining IT security policies, conducting audits, and managing risk assessments;
5. familiarity with security monitoring tools and technologies, such as Vulnerability Scanning, DLP/EDR, NGFW, IDS/IPS, CASB, WAF, Privileged Access Management, SIEM, SOC/SOAR, SASE, etc.;
6. excellent communication, stakeholder management, and collaboration skills.
7. experience in managing and mentoring cybersecurity professionals; and
8. demonstrated skills in vendor management and staying updated on emerging cyber trends and best practices.

(Applicants who do not possess the required qualifications and / or experience may be considered for other positions within the organisation.)

Job Duties

1. to review, implement, and enforce relevant IT security policies, standards, and procedures;
2. to provide regular progress updates on the cybersecurity strategy to the CIO;
3. to maintain the overall cybersecurity posture;
4. to develop a cybersecurity operating model for continuous improvement;
5. to conduct annual scenario-based and application-specific cybersecurity risk assessments and audits and develop enhancement plans according to the risk levels;
6. to perform security risk assessments and implement controls for new applications/systems and major system updates;
7. to oversee vulnerability management processes to identify and mitigate vulnerabilities;
8. to execute cybersecurity certification exercises to ensure compliance.
9. to carry out regular incident response drills and make continuous improvement;
10. to carry out Cybersecurity training and awareness communications to the entire organisation;
11. to drive a culture of cybersecurity awareness and best practices across IT teams;
12. to manage and coach a team of cybersecurity professionals;
13. to build and maintain partnerships with vendors for cybersecurity initiatives; and
14. to carry out any other duties as assigned from time to time by the Executive Director.

Applications

The position is on a renewable fixed-term contract (subject to performance and operational needs) for a period of 3 years.

Please click the below “Apply Online” to complete the application form and upload the updated curriculum vitae, the results of English and Chinese Language obtained in public examinations, current and expected salary together with a covering letter stating one’s suitability for the job on or before 8 May 2024.

For further details on CIC please refer to website: .http://www.cic.hk