Dah Sing Financial Group – Your Employer of Choice People are important stakeholders in our business. We believe in treating our employees well by creating an environment where they can excel, ensuring they are fairly rewarded and engaging them in business. We strive to embed socially responsible...

Dah Sing Financial Group – Your Employer of Choice

People are important stakeholders in our business. We believe in treating our employees well by creating an environment where they can excel, ensuring they are fairly rewarded and engaging them in business. We strive to embed socially responsible values throughout the organization, impacting our day-to-day operations. We support employee wellness, work-life balance and family friendly practices. If you share the same value and aspire to join an organization where you can contribute to its success with a rewarding career in return, join us today.

Senior Manager, Technology Risk & Information Security

Job level Senior
Work exp Minimum 10 Years
Education Bachelor Degree
Language English
Location Hong Kong
Employment type Full Time
Industry Banking
Job function Information Technology > Product Management / Development
Banking / Finance > Legal / Compliance
Information Technology > Security / Audit
Published On 25/11/2016
ref. 1552

Reporting to the Head of Technology Risk & Information Security, you will be responsible for providing information security recommendations and risk assessments; performing regular security assessment and penetration test; governing outsourcing service provider; reviewing and updating Security policy, guidelines and procedures; and promoting security awareness within the Group.

Responsibilities:

  • Assist the Head of Technology Risk & Information Security to define a medium to long term security infrastructure strategy and refreshment roadmap
  • Continuous research and introduce new security measures to the Group that cope with the changing security risk profile
  • Define, review and revise information security policies and guidelines (including outsourcing service provider) to ensure high levels of integrity, confidentiality and availability of IT resources within the Bank
  • Keep abreast of the latest attack methodologies and stay ahead of the curve on the latest forensic and incident response methodologies
  • Identify, measure, monitor and control the technology risk management process
  • Provide support for investigation of any technology-related frauds and incidents
  • Protect against web threats that may facilitate cybercrime, including malware, phishing, viruses, denial-of-service attacks, information warfare and hacking
  • Review, evaluate and endorse non-compliance information security policies
  • Act as a focal point for internal/external audit and regulator inspection role over technology risk and information security matters
  • Manage the security infrastructure to ensure adequate, reliable and cost effective resources are employed
  • Detect, identify and monitor security vulnerabilities of the entire infrastructure
  • Provide support for encryption key management; review and endorse security design of IT solutions
  • Ensure awareness of, and compliance with, the information security policies and standards 

Requirements:

  • Degree holder in Information Technology or equivalent
  • Possess CISSP / CISA / CISM qualification is preferable
  • At least 10 years relevant experience in banking IT field with over 5 years' working experience in technology risk and/or information security area
  • Knowledge in key/PIN management, HSM, internet vulnerability, firewall, intrusion prevention system, data lost prevention system and application security of finance/banking systems
  • Knowledge in Microsoft Windows, UNIX operating system and Oracle database.
  • Solid experience in technology risk management including HKMA’s SPM and PCO
  • Strong communication skill, both in Chinese and English
  • Mature, independent, able to work under pressure

All information received will be kept in strict confidence and only for employment-related purposes.