Manager, Cyber Security

The West Kowloon Cultural District Authority welcomes exceptional talent with a passion to realise the vision and mission of making the West Kowloon Cultural District a prime local and international destination for arts, culture and entertainment.

You will be responsible for:

Governance and Planning:
• preparing and formalising security policies, standards & guidelines in adherence to organizational and statutory requirements;
• planning the overall security measure in system application and platform landscape;
• advising IT Management on strategic issues, latest security trends on system application and infrastructure;
• outlining and refining security related policies and procedures, ensure consistency and use of best practices in design and build of application and infrastructure;
• ensuring security policies are adhered to by all users and vendors and continually reviewed; and
• be a gatekeeper in Architecture Governance Board to enforce system security.

Enforcement and Operations:
• Security Control: adopting and practising appropriate IT security measures based on current issues and best practices identified globally, regionally, by auditors and external influences;
• Risk Assessment: assist on staffing the competent resources to operationalise regular risk assessments and vulnerability assessments to identify and address potential threats to IT systems and data;
• Incident Response: implementing the incident response plan to effectively manage and mitigate cybersecurity incidents;
• Training & Awareness: organising training programs to enhance awareness of cybersecurity risks and best practices among employees;
• Stakeholder Engagement: collaborating with other departments to ensure cybersecurity awareness and best practices across the organization; and
• Reporting: providing regular and succinct updates to IT management and the executives regarding the organization's risk posture and cybersecurity incidents.

Financial Controls:
• ensuring compliance to the standard procurement and budget management processes for security project initiatives and operational spending;
• reviewing business case for proposed initiatives to ensure all relevant costs and services required for deployment, operations and support are justified with viable solution options comparison;
• managing vendor performance to leverage and optimize investments;
• reviewing costs and identify cost saving opportunities which do not impact the strategic vision; and
• authorizing all technology related purchases and capital expenditure based on company’s authorization limits and policies.

You should:
• possess a recognised university degree in Information Security, Computer Science or equivalent;
• have at least 8 years of IT experience, with at least 3 years in managing IT security or related role;
• possess strong knowledge of information security principles, frameworks, and best practices (e.g., ISO 27001, CIS Controls);
• have experience with security tools and cloud technologies such as: Ops in AWS, MS Azure, Ali, Google Cloud; Firewall solutions; Web application firewall solutions; Security information and event management (SIEM) solution;
• possess technical knowledge of operating systems, networking, firewalls, encryption, and other cybersecurity concepts;
• preferably be certified with qualifications such as CISSP, CISM or CISA;
• be proficiency in English and Chinese verbal and written communication skills, with the ability to articulate complex technical concepts to non-technical stakeholders; and
• have experience in vendor management and liaison.

For interested parties, please submit your application with detailed CV on or before following date. Applicants are encouraged to submit their applications as soon as possible. The review of applications will continue until post is filled.

5-11-2024

Data collected will only be used for job application processing. Your data may be accessed by our appointed recruitment consultants who have agreed to keep confidence of all personal data in not less than the standards applicable to us. Applicants not being invited for interview within 4 weeks from the submission date may assume their applications unsuccessful.

All related information will be kept up to 24 months and all personal data will be destroyed afterwards.

For more information, please visit https://www.westkowloon.hk
or contact:

Jason Wong /+852 22000285