Assistant Technical Manager, Vulnerability Management - Hong Kong, 香港 - The Hong Kong Jockey Club

The Hong Kong Jockey Club Hong Kong, 香港

5天前

全职

描述

The Department

The Cyber Security and Cloud Platforms Department is responsible for the protection of the Club's information, information systems, network infrastructure and cloud platforms, as well as assurance over the resiliency and continuity of the Club's IT infrastructure. The team is also responsible for establishing governance and formulating cyber security procedures and guidelines to ensure consistent Club-wide safeguards and conformance to regulations in Hong Kong and China. It works to protect the reputation and enhance the operational resiliency of The Hong Kong Jockey Club.

The Job

Perform threat assessment and patch management advisory operations via analysis of open and commercial security intelligence feeds, and ensure business and IT patch management teams comply with defined Service Level Agreements (SLAs) for security patch deployment.

Work with IT infrastructure, network operations teams and other IT stakeholders to review and assess new set ups, changes, upgrades to the organisation's network infrastructure and network components so to ensure any move and change will not introduce security risks to the organisation.

Perform vulnerability scanning across the Club's technology landscape work with key stakeholders to identify, govern and mitigate identified vulnerabilities.

Work with assigned Project Manager to drive small- to mid-size IS initiatives to evaluate, acquire and deploy new IS technologies and capabilities, and ensure initiatives get completed on time and budget.

Work closely with business and IT stakeholders to schedule and perform system and network vulnerability scanning, classify and prioritise risks, and guide relevant stakeholders to ensure that systems and services that are either developed in-house or acquired commercially are secured against known attack vectors and prevalent threats.

Conduct the web scanning and automated code testing of in-house applications, and guide developers and IT colleagues on coding best practices and mitigations prior to production release to ensure that systems are resistant to known attack vectors, OWASP Top 10, when deployed.

Support the closure of key cyber security threats and vulnerabilities zero-day vulnerabilities or during the Project Development Lifecycle).

Support the reviews and updates of applicable cyber defense policies, regulations, and compliance documents specifically related to Threat Vulnerability Management and Security Testing

Undertake other duties assigned by Cyber Security Management.

Participate, contribute and help shape a diverse and inclusive culture with trust and respect. Play an active role to support cross team/division/department efforts and model collaborative behaviours.

About You

University Degree in computer science, engineering or related discipline
Minimum of 5 years practical experience in IT Security Operations, Network infrastructure in a corporate environment with large-scale transaction websites and complex IT infrastructures and operations
Cybersecurity certification such as GCIH, GSOC, CISSP, CISA, CISM, OSCP, MITRE ATT&CK Defender etc. would be desirable
Experience in Threat and Vulnerability Management
Technical background, particularly in web application development, infrastructure & networking
Able to manage execution of action plans for ensuring the safety and security of all information system assets
Excellent inter-personal
Must demonstrate effective oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences
Must possess analytical, problem solving and documentation skills
Expertise in security testing, threat and vulnerability management tools and techniques, particularly around vulnerability scanning, patch management and penetration testing
In-depth experience of secure coding practices, source code review, and Internet threat vectors such as the OWASP top
Deep knowledge of secure networking infrastructure, Firewall, IDS/IPS, WAF, Secure MTA, Load Balancer, Internet Proxy as well as End-Point security
Working knowledge of security data analytics and incident handling
Working knowledge in ISO27001/2 or regulatory compliance standard

Terms of Employment

The level of appointment will be commensurate with qualifications and experience.

Closing Date

Only shortlisted candidates will be notified