Key Responsibilities
Contribute to the design, upkeep, and enhancement of enterprise-wide information security frameworks, policies, standards, guidelines, and operating procedures aligned with ISO27001 and industry best practices.
Handle daily security operations including user and privileged account management, administration of keys and certificates, log reviews, vulnerability assessments, penetration testing, and incident response.
Evaluate and recommend security controls, ensuring proper implementation across major projects.
Support deployment of security solutions and infrastructure in collaboration with internal teams and external vendors.
Monitor and investigate security events to detect, analyze, and respond to potential threats.
Enforce and oversee access controls, data protection, and physical safeguards to prevent exposure.
Conduct cyber threat intelligence analysis when necessary.
Define and track information security risk indicators, analyze related statistics, and provide insights for senior management oversight.
Identify gaps in controls, assess residual risks, and propose risk treatment measures.
Interpret and report key risk metrics to senior management on a regular basis.
Drive security awareness initiatives and ensure compliance with relevant standards.
Review and advise on the use of Open Source Software (OSS) and freeware.
Execute operational security procedures in line with corporate policies and guidelines.
Stay updated on emerging technologies and recommend adoption of new security tools and standards based on industry practices.
Perform additional duties as assigned by supervisors.

Qualifications & Requirements
Bachelor’s degree in Information Technology, Information Security, or related discipline.
At least 4 years of professional experience in information security or related fields.
Familiarity with security frameworks and standards used in the financial industry (e.g., C-RAF, SWIFT CSCF, ISO27001) is advantageous.
Strong team player with excellent communication, presentation, problem-solving, and analytical skills.
Possession of certifications such as CRISC, CISA, CISM, CISSP, or equivalent is a plus.
Knowledge and experience in public/private cloud security is beneficial.
Practical understanding of risk management frameworks and methodologies is desirable.
Prior experience in major financial institutions preferred but not mandatory.
Proficiency in both written and spoken English and Chinese.
Willingness to work evening shifts (12:30–21:30) with shift allowance.
Applicants from non-financial industries will also be considered.
Candidates with less experience may be offered the role of Information Security Analyst II.

‍