The applicant must possess
- a recognized degree in Information Systems, or other related disciplines;
- minimum 10 years of relevant experience in IT security areas;
- strong knowledge of cybersecurity frameworks, such as ISO 27001, NIST, and COBIT;
- experience in conducting security risk assessments, audits, penetration testing, and implementing security measures;
- excellent communication and leadership skills, with the ability to manage and motivate a team;
- experience in incident response and crisis management;
- knowledge of industry standards and regulations, such as GDPR and PCI;
- relevant certifications, such as CISSP, CISM, CISA, and ISO 27001 Lead Auditor, preferred;
- self-motivated, proactive, and able to work independently and under pressure; and
- excellent problem-solving skills and attention to detail.
(Applicants who do not possess the required qualifications and / or experience may be considered for other positions within the organisation.)
Duties include
As the Cybersecurity Manager, you will oversee and lead the cybersecurity team to strengthen capabilities, safeguard information assets, and work closely with other departments to identify and mitigate security risks.
- to design and implement robust security architecture, policies, protocols, and procedures;
- to present cybersecurity insights and budget to senior management and executives;
- to plan and design the security roadmap and frameworks to uplift the company’s security posture;
- to conduct security risk assessments, audits, and penetration testing to identify and mitigate security risks;
- to perform penetration tests and red team exercises with external consultants to identify and resolve security vulnerabilities;
- to review security controls and compliance with the company's security policy;
- to manage the outsourced SOC to monitor network activity to identify signs of intrusion or compromise;
- to research cyber resilience maturity models and information security governance mechanisms;
- to promote cybersecurity awareness among employees and stakeholders;
- to manage vendor and contract relationships related to cybersecurity;
- to stay up-to-date with emerging cybersecurity threats and vulnerabilities, and implement appropriate measures to prevent and mitigate them;
- to lead and manage information security-related projects;
- to coordinate with internal and external auditors to perform information system audits; and
- to carry out any other duties as assigned from time to time by the executive director.
Applications
The position is on a renewable fixed-term contract (subject to performance and operational needs) for a period of 2 years.
Please click “Apply Online” below to complete the application form and upload an updated curriculum vitae, the results of English and Chinese Language obtained in public examinations, and current and expected salary, together with a covering letter stating one’s suitability for the job, on or before 30 August 2023.
For further details on CIC, please refer to the website: http://www.cic.hk