Consultant - Cybersecurity and IT Audit

Responsibilities:

• Conduct vulnerability assessments across various platforms and technologies.
• Assess the security configurations of applications, cloud systems, infrastructure and networks, and middleware.
• Ensure adherence to relevant cybersecurity and information risk management regulations, standards, policies, and guidance such as PCI DSS, NIST, ISO 27K, and privacy regulations.
• Present risk management options to the business, and aid in the development of appropriate documentation that informs risk management decisions.
• Identify additional cybersecurity opportunities while working with clients.
• Provide regular guidance on threats.
• Stay updated on the latest cybersecurity threats, vulnerabilities, and regulatory requirements.

Requirements:

• Hold a degree in Computer Science, IT Management, Engineering, or a related field.
• Have at least 4 years of experience working directly with clients.
• Demonstrate at least 3 years of experience in Information Security, Application security review, Infrastructure and network security review, or Cloud security review.
• Be familiar with security technologies such as NGFW, IDS/IPS, EDR, SIEM, etc.
• Have proven experience in Cloud security and DevOps.
• Hold relevant qualifications and/or industry certifications such as PCIP, CISA, CISM, CISSP (at least one of these certifications is required).
• Possess strong analytical, problem-solving, and interpersonal skills that yield results.
• Be able to work independently and thrive under pressure.
• Exhibit excellent written and verbal communication skills in English and Cantonese, with Mandarin being an advantage.
• Be willing to travel overseas for certain projects.
• Possess additional certifications like PCI QSA and other Cloud certifications would be an advantage