The Hong Kong Monetary Authority (HKMA) is charged with the responsibility for maintaining the stability and integrity of the monetary and financial systems of Hong Kong.
The HKMA currently embarks on a multi-year Digital and Technology Transformation Programme for the introduction of new digital capabilities and upgrade of major technology solutions of the HKMA. It aims to provide the HKMA with a well governed and efficient IT operating environment, and ensure the robustness and safety of the digital technology solutions in view of the technological development and security risks.
There is now an excellent opportunity for eligible candidates to apply for the following position:
Chief Information Security Officer
Key Responsibilities
- Reporting to Chief Information Officer, you will be responsible for establishing and maintaining a robust information security programme to protect our organisation's sensitive data, systems and networks
- Develop and implement a comprehensive information security strategy aligned with the organisation's goals and objectives
- Establish and maintain information security policies, standards, procedures and guidelines to safeguard the organisation's assets
- Provide guidance and oversight on security risk management, vulnerability assessments and threat modelling
- Collaborate with cross-functional teams to ensure security requirements are incorporated into the design and implementation of systems and applications
- Conduct regular security audits and assessments to identify vulnerabilities and recommend remediation actions
- Monitor and respond to security incidents, including leading incident response efforts, conducting investigations and implementing preventive measures
- Keep abreast of the latest security threats, vulnerabilities and industry best practices, and provide guidance on emerging security technologies and trends
- Develop and deliver security awareness and training programmes to educate employees on security policies, procedures and best practices
- Coordinate with external auditors and third-party vendors to ensure compliance with applicable laws, regulations and contractual requirements
- Manage relationships with external security vendors, consultants and service providers
- Prepare and present regular reports to executive leadership and senior management on the organisation's security posture and risk mitigation strategies
Requirements
- University degree in computer science, information technology or related fields, with professional certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or equivalent. Relevant advanced degree a definite advantage
- At least five years of experience in managing information security function, including developing and managing information security budgets, for a medium to large size organisation
- Proven experience in a similar role as a Chief Information Security Officer or senior information security leader
- Experience with cloud security, network security and secure software development practices highly desirable
- Professional certifications such as CISA (Certified Information Security Auditor), CEH (Certified Ethical Hacker) and CIPP/E (Certified Information Privacy Professional / Europe) an advantage
- In-depth knowledge of information security principles, best practices and industry standards
- Strong understanding of regulatory requirements such as C-RAF, GDPR, HIPAA, PCI DSS, etc.
- Knowledge of emerging technologies such as artificial intelligence (AI), machine learning (ML) and Internet of Things (IoT), and their security implications
- Demonstrated track record of successfully implementing and managing security technologies, including firewalls, intrusion detection / prevention systems, identity and access management, encryption and vulnerability management tools
- Excellent leadership skills with the ability to build and manage a high-performing security team
- Strong analytical and problem-solving skills with the ability to make sound decisions under pressure
- Excellent communication and interpersonal skills with the ability to effectively communicate complex security concepts to both technical and non-technical stakeholders
Conditions of service
- Successful candidate will be appointed on fixed contract terms
- A competitive remuneration package will be offered. There is flexibility to take account of additional experience and qualifications
- Fringe benefits include medical and dental benefits, paid annual leave and contract-end gratuity
How to apply
You may submit an application via one of the following channels:
- Online application
*Online application will be temporarily suspended from 08:00 p.m. on 11 May 2024 to 07:00 a.m. on 12 May 2024 due to system maintenance
- By Mail
Send in the hard copy application form (available either at the HKMA’s reception counter or website https://www.hkma.gov.hk) to:
Recruitment Officer
Hong Kong Monetary Authority
55/F., Two International Finance Centre
8 Finance Street, Central, Hong Kong
Copies of transcripts together with a full resumé including details of past experience should be attached to the application. Please mark your correspondence address and the position applied for on the envelope.
Completed application should reach the HKMA, via the designated submission channel, by 11 May 2024. Applicants may wish to submit their applications in advance of the deadline to allow for any unexpected delays, e.g. with internet traffic, including file size restrictions and system maintenance downtime. Those not contacted by the HKMA within three months from the closing date for applications should consider their applications filed for future reference.
Personal data provided by applicants will be used strictly in accordance with our personal data policies, a copy of which will be provided upon request. You may contact the Recruitment Officer at the above address.
The HKMA is an equal opportunities employer. More information on the HKMA can be found at the website https//www.hkma.gov.hk.
The Online Application System is scheduled to perform regular system maintenance from Hong Kong time 6:00 a.m. to 8:00 a.m. every Wednesday. During this time, online application will not be available.
