The West Kowloon Cultural District Authority welcomes exceptional talent with a passion to realise the vision and mission of making the West Kowloon Cultural District a prime local and international destination for arts, culture and entertainment.
You will be responsible for :
Governance and Planning :
preparing and formalising security policies, standards & guidelines in adherence to organizational and statutory requirements;
planning the overall security measures across the system application and platform landscape;
advising IT Management on strategic issues and the latest security trends in system applications and infrastructure;
outlining and refining security-related policies and procedures, ensuring consistency and use of best practices in the design and build of applications and infrastructure;
ensuring security policies are adhered to by all users and vendors and continually reviewed; and
acting as a gatekeeper in the Architecture Governance Board to enforce system security.
Enforcement and Operations :
Security Control : adopting and practising appropriate IT security measures based on current issues and best practices identified globally, regionally, by auditors and external influences;
Risk Assessment : assisting in staffing competent resources to operationalise regular risk assessments and vulnerability assessments to identify and address potential threats to IT systems and data;
Incident Response : implementing the incident response plan to effectively manage and mitigate cybersecurity incidents;
Training & Awareness : organising training programs to enhance awareness of cybersecurity risks and best practices among employees;
Stakeholder Engagement : collaborating with other departments to ensure cybersecurity awareness and best practices across the organization; and
Reporting : providing regular and succinct updates to IT management and the executives regarding the organization's risk posture and cybersecurity incidents.
Financial Controls :
ensuring compliance with the standard procurement and budget management processes for security project initiatives and operational spending;
reviewing business cases for proposed initiatives to ensure all relevant costs and services required for deployment, operations and support are justified, with a comparison of viable solution options;
managing vendor performance to leverage and optimize investments;
reviewing costs and identifying cost-saving opportunities which do not impact the strategic vision; and
authorizing all technology-related purchases and capital expenditure based on the company's authorization limits and policies.
You should :
possess a recognised university degree in Information Security, Computer Science or equivalent;
have at least 8 years of IT experience, with at least 3 years in managing IT security or related role;
possess strong knowledge of information security principles, frameworks, and best practices (e.g., ISO 27001, CIS Controls);
have experience with security tools and cloud technologies such as : Ops in AWS, MS Azure, Ali, Google Cloud; Firewall solutions; Web application firewall solutions; Security information and event management (SIEM) solution;
possess technical knowledge of operating systems, networking, firewalls, encryption, and other cybersecurity concepts;
preferably be certified with qualifications such as CISSP, CISM or CISA;
be proficient in English and Chinese verbal and written communication, with the ability to articulate complex technical concepts to non-technical stakeholders; and
have experience in vendor management and liaison.
Manager • Hong Kong