Your new role
• Plan and execute periodic in-house and external red-team exercises, and oversee the implementation of rectification measures.
• Evaluate existing cyber defenses against the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework.
• Perform per-launch penetration testing of exchange-related systems, products and applications upon request.
• Monitor and analyse emerging cyber threats, having regard to the cyber intelligence and threat landscape related to relevant Group entities.
• Escalate major cyber risks to senior management and relevant stakeholders in a timely manner, and coordinate measures for addressing the risk.
• Conduct specialist investigation into significant cyber incidents or control lapses.
• Deliver an effective independent cyber security review strategy, covering specialist reviews and tests on cyber security controls.
• Provide specialist support to ongoing cyber awareness training and phishing tests.
• Provide specialist support to the formulation of effective strategy, framework and structure for managing cyber risk of the Group and the implementation through collaboration with relevant stakeholders.
• Provide specialist support to the delivery of effective governance on cyber risk, covering the risk appetite, risk metrics, risk monitoring and governance reporting.
• Provide specialist support to the definition of policies and guidelines which incorporate all applicable legislative and regulatory requirements, industry standards and best practices, while ensuring that the policies and guidelines are effective and practicable.
• Propose, drive and coordinate other cyber initiatives for facilitating 2nd Line responsibilities whenever there is a need.
• Foster and maintain effective relationships and collaboration with regulators, law enforcement, exchange peers and industry partners.
What you'll need to succeed
• University degree in information security, computer science, or related fields of study
• At least 6-15 years of relevant experience in cyber risk management, preferably in the financial services sector or in professional services for clients in the financial services industry
• Solid experience in monitoring and analysing cyber risk and intelligence, planning and delivering red-team exercises, organizing cyber drills and overseeing cyber incident management, conducting cyber security reviews and tests, cyber forensic practices, cyber awareness training and phishing tests
• Hands-on experience in security operations, threat intelligence, incident response, detection engineering and other related areas would be beneficial
• Demonstrate good knowledge of the IT environment and cyber-related controls from both a tactical and strategic viewpoint
• Proven track record in initiating and implementing significant changes or projects involving different stakeholders and aligning their interests.
• At least one relevant certification/accreditation is required, such as CREST (CCSAS/CCSAM/CCT), OSCE3 (OSWE/OSED/OSEP), OSCP, GIAC (GXPN/GCPN/GWAPT/GPEN)
What you'll get in return
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call +85222307941 now. If this job isn't quite right for you but you are looking for a new position, please email Eddie Chow at firstname.lastname@example.org for a confidential discussion on your career. #1222197
Technology & Internet Services
Talk to a consultant
Talk to Eddie Chow, the specialist consultant managing this position, located in Hong Kong
6604-06, 66/F, ICC, 1 Austin Road West, West Kowloon