• Purpose:

We are looking for a competent Assistant Security manager to organize and oversee all security operations of our company. As a Security Assistant Manager, the role is responsible for planning, coordinating, conducting, and reporting on technical assessment and audits of networks, applications, system development, and IT processes to protect from cyber threats and attacks. The role is also responsible for managing the compliance monitoring the use and storage of personal identifiable information (PII) and will develop, implement, and maintain policies and procedures involving all personally identifiable information (PII) which is collected, transferred, stored, and disposed of. Responsible for PII certification of the company, and supervision is received by the team lead of technical engineering.

[Primary Responsibilities]:

• Conduct risk assessments, technology audit and regulatory compliance assessment in areas covering IT general controls, application controls, business cycle and IT security review.
• Responsible for the planning, coordination, delivery and reporting of technical assessments and audits of networks, applications, systems development, and processes to protect from cyber threats and attacks.
• Accountable for the management of compliance, monitoring the use and storage of Personally Identifiable Information (PII).
• Develop, implement and maintain policies and procedures covering all Personal Information (PII) that is collected, transferred, stored, and disposed of.
• Support the processing of damage prevention and crisis response notifications.
• Monitor network activities to identify signs of intrusion or compromise.
• Provide training in security best practices to elevate knowledge of employees or clients.
• Design SOPs for internal audits, develop audit procedures, and complete related report writing and filing.
• Assist in handling internal and external information systems, tracking and handling information security incidents, and identifying system weaknesses and vulnerabilities and information security anomalies.
• Examine internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies.
• Plan and carry out annual routine information operations, information security management, and general internal control audits, and track and address deficiencies.
• Communicate complex technical issues in simplified terms to the relevant member.
• 歡迎身心障礙者

• Experience in planning and participation in IT audits, familiar with its specifications and control measures, with at least two years' practical experience.
• Understanding of the Infra architecture, experience in network, system administration, system development and management, and experience in managing protective installations in information security area is desirable.
• University degree or above (Master's degree or above; preferably in Information Engineering, Information Science or other related departments). 5 years’ experience in information security management. 
• Preferred: 4 years’ experience in information security management.
• Minimum 5 years IT experience, preferably with software experience.
• Good in written and spoken English.




[Nice to have]

• Knowledge of BS10012.
• Clouds security measure and related reliability engineering knowledge