Group Information Security Consultant

Location: Hong Kong, Hong Kong
Contract Type: Permanent
Specialisation: Technology
Salary: HK$850000.00 - HK$1200000 per annum
REF: BBBH219407_1519199205


  • Develop and maintain Information Security policies, guidelines, standards, processes and procedures for the Group
  • Work with the business units and stakeholders to facilitate information risk analysis and risk management processes, and communicate current risk posture
  • Understand, communicate and apply Information Security controls to address internal and external compliance requirements
  • Perform security risk and vulnerability assessments on IT systems, and provide technical advice to ensure that all identified Information Security risks are mitigated and requisite Information Security controls are implemented
  • Lead delivery of Information Security projects
  • Provide input into Group Information Security strategy
  • Conduct Information Security awareness programmes to promote security awareness to all employees
  • Manage provisioning, de-provisioning, certification and attestation of identities and user access to applications, systems and files
  • Conduct research to evaluate new emerging technologies, maintain an up-to-date understanding of the latest threats, vulnerabilities, mitigation, industry best practices and regulations, and assist in benchmarking risk management practices against other companies


  • University degree or above in IT, preferably with relevant professional qualifications such as CISSP, CISM, CCSP, SABSA
  • At least 7 years of relevant experience in IT, with at least 3 years' work experience in the Information Security field
  • Experience in revamping, developing and maintaining Information Security policies, processes and procedures
  • Knowledge of ISMS, ISO27000 series and other major Information Security frameworks
  • Possess domain competencies in a number of Information Risk related disciplines, including risk management, business continuity management, privacy and compliance
  • Good problem-solving, analytical and workshop facilitation skills
  • Ability to learn and understand new concepts quickly to keep up with new emerging technology
  • Strong communication, people management and interpersonal skills
  • Experience implementing solutions for any of the following capabilities is a plus:
    • Identity and Access Management
    • Governance, Risk and Compliance
    • Web Filtering
    • Security Incident and Event Management (SIEM)
    • Endpoint Protection