Manager, Cyber Security

The West Kowloon Cultural District Authority welcomes exceptional talent with a passion to realise the vision and mission of making the West Kowloon Cultural District a prime local and international destination for arts, culture and entertainment.

You will be responsible for :

Governance and Planning :

preparing and formalising security policies, standards & guidelines in adherence to organizational and statutory requirements;

planning the overall security measure in system application and platform landscape;

advising IT Management on strategic issues, latest security trends on system application and infrastructure;

outlining and refining security related policies and procedures, ensure consistency and use of best practices in design and build of application and infrastructure;

ensuring security policies are adhered to by all users and vendors and continually reviewed; and

be a gatekeeper in Architecture Governance Board to enforce system security.

Enforcement and Operations :

security Control : adopting and practising appropriate IT security measures based on current issues and best practices identified globally, regionally, by auditors and external influences;

risk Assessment : assist on staffing the competent resources to operationalise regular risk assessments and vulnerability assessments to identify and address potential threats to IT systems and data;

incident Response : implementing the incident response plan to effectively manage and mitigate cybersecurity incidents;

training & Awareness : organising training programs to enhance awareness of cybersecurity risks and best practices among employees;

stakeholder Engagement : collaborating with other departments to ensure cybersecurity awareness and best practices across the organization; and

reporting : providing regular and succinct updates to IT management and the executives regarding the organization's risk posture and cybersecurity incidents.

Financial Controls :

ensuring compliance to the standard procurement and budget management processes for security project initiatives and operational spending;

reviewing business case for proposed initiatives to ensure all relevant costs and services required for deployment, operations and support are justified with viable solution options comparison;

managing vendor performance to leverage and optimize investments;

reviewing costs and identify cost saving opportunities which do not impact the strategic vision; and

authorizing all technology related purchases and capital expenditure based on company’s authorization limits and policies.

You should :

possess a recognised university degree in Information Security, Computer Science or equivalent;

have at least 8 years of IT experience, with at least 3 years in managing IT security or related role;

possess strong knowledge of information security principles, frameworks, and best practices (e.g., ISO 27001, CIS Controls);

have experience with security tools and cloud technologies such as : Ops in AWS, MS Azure, Ali, Google Cloud; Firewall solutions; Web application firewall solutions; Security information and event management (SIEM) solution;

possess technical knowledge of operating systems, networking, firewalls, encryption, and other cybersecurity concepts;

preferably be certified with qualifications such as CISSP, CISM or CISA;

be proficiency in English and Chinese verbal and written communication skills, with the ability to articulate complex technical concepts to non-technical stakeholders; and

have experience in vendor management and liaison.