Your new company
Leading Regional Retail Conglomerate
Your new role
Plan and execute periodic in-house and external red-team exercises of the company, and oversee the implementation of rectification measures.
Evaluate existing cyber defences against MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
Perform per-launch penetration testing exchange-related systems, products and applications upon request.
Monitor and analyse emerging cyber threat of the company, having regard to cyber intelligence and threat landscape related to relevant Group entities.
Escalate major cyber risks to senior management and relevant stakeholders in a timely manner, and coordinate measures for addressing the risk.
Conduct specialist investigation into significant cyber incidents or control lapses.
Deliver an effective independent cyber security review strategy, covering specialist reviews and tests on cyber security controls.
Provide specialist support to ongoing cyber awareness training and phishing test.
Provide specialist support to the formulation of effective strategy, framework and structure for managing cyber risk of the company and the implementation through collaboration with relevant stakeholders.
Provide specialist support to the delivery of effective governance on cyber risk, covering the risk appetite, risk metrics, risk monitoring and governance reporting
What you'll need to succeed
University degree in information security, computer science, or related fields of study
At least 5 years of relevant experience in cyber risk management, preferably in financial services sector or professional services for clients in financial services, insurance or retail industry
Solid experience in monitoring and analysing cyber risk and intelligence, planning and delivering red-team exercises, organizing cyber drills and overseeing cyber incident management, conducting cyber security reviews and tests, cyber forensic practices, cyber awareness training and phishing tests
Hands-on security operations, threat intelligence, incident response, detection engineering and other related experience would be beneficial
Demonstrate good knowledge in IT environment and cyber related controls from both a tactical and strategic viewpoint
Proven track record in initiating and implementing significant changes or projects involving different stakeholders and aligning their interests.
At least one of the relevant certification/accreditations required such as CREST (CCSAS/CCSAM/CCT), OSCE3 (OSWE/OSED/OSEP), OSCP, GIAC (GXPN/GCPN/GWAPT/GPEN)
What you need to do now
If you're interested in this role, send your cv to firstname.lastname@example.org #1223182
Technology & Internet Services
Talk to a consultant
Talk to Eddie Chow, the specialist consultant managing this position, located in Hong Kong
6604-06,66/F, ICC, 1 Austin Road West, West Kowloon