Manager, Cyber Security

The West Kowloon Cultural District Authority welcomes exceptional talent with a passion to realise the vision and mission of making the West Kowloon Cultural District a prime local and international destination for arts, culture and entertainment.

You will be responsible for:

Governance and Planning:

• preparing and formalising security policies, standards & guidelines in adherence to organizational and statutory requirements;

• planning the overall security measure in system application and platform landscape;

• advising IT Management on strategic issues, latest security trends on system application and infrastructure;

• outlining and refining security related policies and procedures, ensure consistency and use of best practices in design and build of application and infrastructure;

• ensuring security policies are adhered to by all users and vendors and continually reviewed; and

• be a gatekeeper in Architecture Governance Board to enforce system security.

Enforcement and Operations:

• security Control: adopting and practising appropriate IT security measures based on current issues and best practices identified globally, regionally, by auditors and external influences;

• risk Assessment: assist on staffing the competent resources to operationalise regular risk assessments and vulnerability assessments to identify and address potential threats to IT systems and data;

• incident Response: implementing the incident response plan to effectively manage and mitigate cybersecurity incidents;

• training & Awareness: organising training programs to enhance awareness of cybersecurity risks and best practices among employees;

• stakeholder Engagement: collaborating with other departments to ensure cybersecurity awareness and best practices across the organization; and

• reporting: providing regular and succinct updates to IT management and the executives regarding the organization's risk posture and cybersecurity incidents.

Financial Controls:

• ensuring compliance to the standard procurement and budget management processes for security project initiatives and operational spending;

• reviewing business case for proposed initiatives to ensure all relevant costs and services required for deployment, operations and support are justified with viable solution options comparison;

• managing vendor performance to leverage and optimize investments;

• reviewing costs and identify cost saving opportunities which do not impact the strategic vision; and

• authorizing all technology related purchases and capital expenditure based on company’s authorization limits and policies.

You should:

• possess a recognised university degree in Information Security, Computer Science or equivalent;

• have at least 8 years of IT experience, with at least 3 years in managing IT security or related role;

• possess strong knowledge of information security principles, frameworks, and best practices (e.g., ISO 27001, CIS Controls);

• have experience with security tools and cloud technologies such as: Ops in AWS, MS Azure, Ali, Google Cloud; Firewall solutions; Web application firewall solutions; Security information and event management (SIEM) solution;

• possess technical knowledge of operating systems, networking, firewalls, encryption, and other cybersecurity concepts;

• preferably be certified with qualifications such as CISSP, CISM or CISA;

• be proficiency in English and Chinese verbal and written communication skills, with the ability to articulate complex technical concepts to non-technical stakeholders; and

• have experience in vendor management and liaison.