Job Purpose
Leads and coordinates audit-related activities, including evidence collection, report generation, and response preparation, ensuring timely and accurate delivery to internal and external auditors. The role also plays a key part in supporting compliance initiatives across cybersecurity, data privacy, and operational risk domains, helping maintain the organization's regulatory and governance posture.
Main Responsibilities
Security Policy & Governance:
* Develop, implement and maintain policies and procedures in relation to security administration (e.g., identity and access management).
Infrastructure Security & Compliance:
* Oversee the security posture of all IT infrastructure components, ensuring full compliance with corporate security policies and industry best practices.
* Extend compliance oversight to IoT devices, including CCTV systems, door access control, and other network-connected physical security technologies.
* Collaborate with facilities and operations teams to integrate physical and digital security controls.
Certificate & Key Management:
* Manage the lifecycle of TLS/SSL certificates, including issuance, renewal, revocation, and secure storage.
* Maintain an accurate and up-to-date inventory of encryption keys, ensuring proper rotation and access control.
Audit Support & Compliance:
* Lead and coordinate audit-related activities, including evidence collection, report generation, and response drafting.
* Ensure timely and accurate delivery of audit materials to internal and external auditors.
* Support compliance initiatives across cybersecurity, data privacy, and operational risk domains.
Requirements
Education and Qualification:
* A bachelor's degree / diploma in computer science, information technology, or a related field is often preferred.
* Hold one or more of the following certifications: CISSP / CISA / CISM.
Work Experience:
* Minimum 5 years of relevant experience in IT security, infrastructure security, or a similar role.
* Experience in the banking industry is preferred.
Technical Skills:
* Experience supporting audit and compliance processes (e.g., internal/external audits, regulatory reviews).
* Strong understanding of network and infrastructure security, security policy frameworks and regulatory standards (e.g., ISO 27001, HKMA, SFC).
Personal Skills:
* Strong analytical and problem-solving skills.
* Excellent communication and documentation abilities.
* Ability to work independently and in a team-oriented environment.
* Commitment to continuous learning and professional development.
We are an equal opportunities employer.