• To lead a team to conduct threat intelligence analysis and suggest necessary controls to mitigate security risks to the Bank
• To perform threat hunting to detect anomalous behaviors over the network and endpoints so as to reduce impact to the Bank
• To work collaboratively with corporate risk and compliance, internal audit and various technical teams in the design and implementation of audit, risk assessment and regulatory compliance practices for the department
• To conduct research for current and emerging threats and analyze various threat intelligence and suggest actionable information to mitigate risks
• To discuss with external research analysts in understanding cyber security perspective and propose necessary controls for the Bank

• University graduate in Computer Science or a related discipline
• Minimum 10 years’ working experience in IT sector covering the followings with at least 5 years in management role in technology audit or cyber and information security
• Certified in CISSP, CISA or related professional certification
• Sound knowledge in IT security services
• Good project management and leadership skills and risk awareness
• Excellent analytical mindset
• Strong interpersonal skills and collaboration ability
• Good command of both written and spoken English and Chinese, fluent in Putonghua is preferable

• Manage technological risk by ensuring controls are properly designed, implemented and operated as intended in meeting various international / domestic standards and regulatory requirements
• Develop and maintain corporate-wide technology risk management framework, policy, guideline, standard, and operation procedures with reference to applicable best practices
• Define technology risk indicators; collect, analyse and interpret the corresponding statistics for assisting senior management in overseeing technology risk
• Identify control gaps, review the residual risk level and make recommendation for risk treatment
• Recommend technology risk and security control measures and monitor the implementation for major projects
• Analyse security events for detection, investigation and response to potential security issue
• Maintain and monitor appropriate computer and network access controls, data, and physical security to ensure no security exposure
• Promote security awareness for all level of staff members
• Perform other duties as assigned by supervisor(s)

• University degree preferably in information technology or related discipline
• Minimum 7 years of experience in technology risk / information security with in-depth exposure to system, network and application security, and production control methodologies, with at least 3 years’ experience at managerial level
• Expertise in security practices and standards commonly adopted by the banking/financial industry such as the Cyber Resilience Assessment Framework (C-RAF), ISO27001 standard, etc.
• Team player with sound interpersonal, communication and presentation skills as well as excellent problem solving and analytical skills
• Holder of security certificates - CRISC, CISA, CISM, CISSP or other equivalent certificates is preferred
• Good command of written and spoken English and Chinese, proficiency in Putonghua is an advantage
• Familiar with computer audit, ethical hacking methodologies and/or knowledge in SWIFTNet security standard would be an advantage

For more job opportunities, please visit our website: https://npsl.com.hk/

Our client is now looking for dynamic candidates to join their team as the following role.

Interested parties please send your detailed resume with current and expected salary in Microsoft Word format to jobs@npsl.com.hk (Please quote reference number in your job application).