Looking for an Information security manager with 1st line of defence experience.
Job Description Responsibilities:
* Take lead and drive the incident response process and drill
* Lead subordinate(s) to follow up all security related issues in the day-to-day operations and recommend security projects and enhancement where appropriate
* Monitor the daily security issues and ensure information security exposures are identified and addressed. Report potential risks and incidents happened to management promptly
* Evaluate, introduce, implement and monitor new solutions on information security to protect the company networks, systems and data, including contingency plan of system security services
* Ensure all Information Security related documentation (e.g. Security Policy) are completed on time, with good quality and is up-to-date at all time. Ensure the corresponding procedures are strictly adhered to by all staff
* Coordinate with HR, introduce IT Security Policy to new staff in the Orientation Program, as well as arrange security awareness programs where necessary
* Ensure the services from external service providers and hardware/software vendors on information security related projects are prompt and with high quality
* Ensure all periodic reporting on information security issues are generated to IT management on time * Responsible for budget recommendation on security software and equipment and the maintenance cost
* Assist to negotiate hardware/software acquisition on information security related projects in the best possible way * Responsible to ensure user support and training is organized where appropriate
* Perform ad hoc projects as assigned by supervisor Requirements:
* University or Polytechnic graduate or equivalent, with a major in Computer science / studies
* At least 2-3 years of experience in People Management
* Minimum 8 years of experience in leading IT functions, of which at least 6 years of experience in information security, preferably in financial service industry
* Professional designation in Information Security (e.g. CISSP, CISA or CISM) is required
* Hands on experience in managing information security projects and solutions
* Knowledge in industry best practices such as ISO27001, COBIT and NIST CSF is an advantag
