- Critical Infrastructure Industry
- New Headcount

About Our Client

Our client is a leading provider of critical infrastructure services in Hong Kong, playing a vital role in the city's daily operations.

Job Description

- Develop and Implement a Technology Risk Management Framework: Establish a robust framework encompassing risk identification, assessment, analysis, mitigation, monitoring, and reporting processes. This framework should align with the Critical Infrastructure Law and other relevant regulations.
- Conduct Risk Assessments: Perform regular technology risk assessments, including vulnerability assessments, penetration testing, and threat modeling, to identify and prioritize potential risks to critical systems and infrastructure.
- Develop Risk Mitigation Strategies: Develop and implement effective risk mitigation strategies to address identified risks, including technical controls, process improvements, and security awareness training.
- Monitor and Report on Risk Levels: Continuously monitor the effectiveness of risk mitigation measures and provide regular reports to the CISO and other stakeholders on the current state of technology risk.
- Collaborate with Stakeholders: Work closely with IT teams, business units, and other stakeholders to ensure alignment on risk management priorities and to foster a culture of risk awareness.
- Stay Up-to-Date on Threats and Vulnerabilities: Maintain current knowledge of emerging threats, vulnerabilities, and best practices in technology risk management.
- Ensure Compliance with Regulations: Ensure compliance with relevant regulations, including the Critical Infrastructure Law, and industry standards related to technology risk management.
- Develop and Deliver Risk Awareness Training: Develop and deliver training programs to raise awareness of technology risks and promote secure practices across the organization.
- Manage Third-Party Risk: Assess and manage technology risks associated with third-party vendors and service providers.
- Incident Response Support: Provide support to incident response teams in the event of a security incident.

The Successful Applicant

- Bachelor's degree in Computer Science, Information Systems, or a related field.
- Minimum of 8 years of experience in technology risk management, IT audit, or a related field.
- Proven experience in developing and implementing technology risk management frameworks.
- Strong understanding of cybersecurity principles and best practices.
- Familiarity with relevant regulations and industry standards, including ISO 27001, NIST Cybersecurity Framework.
- Excellent analytical, communication, and report writing skills.
- Ability to work independently and as part of a team.
- Professional certifications such as CISA, CISM, CRISC, CISSP are highly desirable.
- Experience in the critical infrastructure sector is a strong advantage.
- Fluency in English and Cantonese is required.

What's on Offer

- Great Career Exposure
- Attractive Salary Package

Contact

Alexis Wee
Quote job ref: JN-012025-6631318
Phone number: +852 3602 2400

Job summary

Function: IT
Specialisation: Security
Area of specialisation: Transport & Distribution
Location: Hong Kong
Job Type: Permanent