Your new role - challenging and future-oriented

This incumbent will be act as Senior Technology Risk Manager in Hong Kong, being the subject matter expert in IoT cybersecurity

• Review and design cybersecurity solutions, provide subject advisory and technical expertise to help clients determine cybersecurity requirements, comply with cybersecurity standards and conduct cybersecurity assessment

• Provide cybersecurity advice such as the secure design of processes and system architectures to technical/business colleagues and increase awareness on security threats

• Lead the Cybersecurity technical/business projects workstream to ensure secure services and business processes right from the start

• Drive the assessment of cybersecurity vulnerabilities, mitigation of findings and implementation of cybersecurity controls for IoT applications and the underlying IT infrastructure

• Collaborate with other Cybersecurity units, service providers to build up your network in the Cybersecurity ecosystem and to ensure continuous Cybersecurity improvement

• Accompany and guide sales, presales, operations, business managers in client discussion

• Contribute to Risk Management processes to give management a clear picture of relevant Cybersecurity risks

• Relate Information Security goals, objectives and needs of the business environment to ensure a holistic protection of the most critical assets of the business

• Detect deviations from protection requirements and support the identification and implementation of compensating measures

• Facilitate internal or external Cybersecurity assessment and audit, Threat / Risk Analysis (TRA) and crisis management activities

• Drive the process of cybersecurity monitoring and liaise with customer on Incident Response and Handling

Your skills and experience

Individuals who meet the following requirements or possess the equivalent combination of competence and experience are invited to apply:

• Degree in Computer Science/Engineering or Business Information Technology

• At least 10 years of experience in similar roles with additional experience in the Cybersecurity, IT / or technology related fields preferred

• CISSP and CEH certifications are required

• IEC 62443, ISO 27001 related certifications preferred

• CISA, CISM, or other related professional qualifications preferred

• Experience in variety of IT / OT Security Frameworks (e.g. IEC 62443-3-3, ISO 27001)

• Experience in design and implementation of pragmatic protection measures in Cloud (i.e., AWS, Azure) and SaaS environments

• Experience in penetration test, Cybersecurity assessment and audit is an advantage

• Experience / Knowledge in Railway related projects is an advantage

• Solid knowledge about current threats to IT applications/services and infrastructures and are familiar with state-of-the-art protection measures

• Deep knowledge of enterprise information technology concepts and digitalization use cases

• Awareness of technology megatrends such as cloud computing and other disruptive technologies

• Ability to translate technical concepts into business-friendly terminology (verbally and written)

• Strong team player and collaborator with robust interpersonal skills

• Strong analytical skills to identify, assess and mitigate security vulnerabilities

• Experience working with various stakeholders, e.g., communication of technical topics to C-suite audiences

• Practical experience in Enterprise Risk Management (ERM)

• Proficient in written and spoken English and Mandarin

• Candidates with less experience might be considered as Technology Risk Manager

Business and Collaborative Skills

• Ability to learn / dive into the technology trends and implement them into existing solutions

• Ability to work well in a team environment

• Ability to handle multi-tasking situations with the ability to arrange works according to priorities and schedule autonomously

• Proactive, self-directed, motivated and desire to innovate in a challenging corporate environment

• A solid track record of working as a Technical Manager with focus on IoT and cloud technology

• Several years of practical experience in cloud computing solutions, cloud security concepts and cloud operations concepts in a Business to Business and Business to Authority environment