Senior Manager / Manager, Audit
Lead the internal audit function within JETCO to provide assurance, in the delivery of the internal audit findings and the corresponding recommendations, to the senior management on the effectiveness of risk management, internal control and governance processes. Role reports and is accountable to the Chief Executive Officer.
Perform various internal audits for JETCO operations, risk management, compliance and IT infrastructure and system development based on the following frameworks/ requirements:
ISO 27001 Certification Standards
OGCIO IT Security Guideline and HKSARG Interoperability Framework
Payment Card Industry Data Security Standard (PCI DSS)
Regulatory Requirements, e.g. HKMA
Develop and deliver an annual risk-based audit plan covering all JETCO activities, ensuring the audit effort is directed towards the area of the greatest strategic and operational risks.
Oversee the implementation / execution of the annual audit plan.
Liaise closely with the external auditors to ensure that they can place maximum reliance on the work of internal audit.
Establish effective and open communication with the business, risk and control functions as well as providing insightful, pragmatic and valued control assurance to the management in JETCO.
University graduate in IT, Computer Science, Accounting or related disciplines
At least 8 years of IT audit experience
Possess recognized professional qualifications, such as, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), CSX Cybersecurity Practitioner (CSX-P) or Certified Internal Auditor (CIA)
Experience in internal audit, risk and control management, preferably, in financial institutions
Knowledge of financial technology and its related risk management, regulatory compliance and security (including cybersecurity)
Familiar with industrial technology standard, such as ISO27001 and PCI-DSS
Mature, independent, good interpersonal and relationship management skills
Strong analytical, presentation and report writing skills
Ability to work independently as well as in a team environment
Excellent command in both written and spoken English and Chinese
Senior Security Officer
Design, develop, implement and maintain the security infrastructure in the Corporation to ensure the compliance with government regulations and international standards such as HKMA, VISA, ISO27001, PCI DSS, etc.
Identify security vulnerabilities, associate risks and mitigation strategies
Assist the manager to formulate the security policies, standards and procedures
Perform daily security logs review on all security related devices, equipment and network perimeter services
Maintain and operate Hardware Security Module (“HSM”) and all key related aspects
Handle all daily activities in physical security and access control system
Bachelor’s degree in Computer Science or a related discipline, preferably with relevant professional qualifications such as CISA, CISM or CISSP
At least 3 years of experience in IT system management, security administration, managing security services and devices (Candidates with less experience will be considered as Security Officer)
Sound knowledge in IT system management, security infrastructure design, cyber-security management and penetration test in the banking / financial environment
Strong teamwork with good interpersonal and communication skills in both written and spoken English and Chinese
Establish strong relationship with third party service providers (TSPs) and business solution partners from different industries
Identify new sales and product opportunities and develop solid pipelines of new prospects and sales leads
Navigate complex sales situations, perform selling activities (prospecting, business case development and implementing planning) to drive and exceed overall targets and objectives for the territory
Devise and implement effective sales strategic plans by utilizing innovative business development techniques to recruit TSPs and grow the business
Work with internal teams and partner technical resources to facilitate and validate solution proposals
Collaborate with all product stakeholders to ensure smooth execution of initiatives and projects onboarding
Drive sales and account servicing excellence
Perform any other duties as assigned by superior from time to time
Degree holder or above in Business Administration, Finance, Computer Science, or related discipline
At least 3 - 5 years of sales or solution sales experience, preferably in API based commerce platform for B2B or B2C model
Strong executive presence, facilitation skills, drive for results, attention to quality and detail, and a collaborative attitude
Demonstrate strength at building relationships, highly motivated, strong sense of urgency, ability to attain goals in a fast-paced environment
Team player with proven track record of taking initiative and ownership of responsibilities and deliverables but also able to work independently
Excellent written and oral communication skills in English, Cantonese and Mandarin
Assistant Manager - Cybersecurity
Governance and Compliance
Enforce information security policy and standards on physical and logical controls
Design, develop, implement and maintain security architecture to ensure the compliance with government regulations and international standards such as HKMA, ISO27001, PCI DSS, etc.
Perform security risk assessment and advise risk mitigation measures to reduce risk exposure in IT application and infrastructure
Work with internal and external auditors on various compliance standards e.g. ISO27001, PCI and HKMA
Assist to formulate the security policies, standards and procedures
Perform Periodic Security Review
Monitor performance managed security services and work with Infrastructure team to rectify issues
Work with service provider to conduct incident response, threat hunting and forensic investigation
Conduct or manage service provider to conduct vulnerability assessment and penetration test
Work with internal and extern party to support system drill
Provide emergency support for security issues when an event occurs
Take part in security solution evaluation and monitor implementation
Prepare security paper for new product or services
Work with vendors to understand the up-to-update related security technology for the possible implementation of projects
Possess a bachelor degree in information technology, information systems or equivalent
At least 3 years’ experience in information security, preferably in financial industry
One or more of the following qualifications: CISSP, CISA, CISM, CEH or the like
Knowledge of ISO27001, PCI, pentest and vulnerability assessment, system and network security, preferably with exposure in security solution. E.g. APT, PAM, Encryption, SIEM
Good verbal communication and written skill
Good command of written and spoken English and Chinese
We offer competitive remuneration package and career prospects to the right candidate. Salary will be commensurate with qualifications and experience. Our attractive remuneration package includes 5-day work week, year-end bonus, performance bonus, dental and medical benefits, employer voluntary contributions to MPF, education allowance, staff well-being sponsorship, birthday leave, marriage leave, family care leave, etc.
Interested candidates please send your full resume stating contact details, current and expected salary to firstname.lastname@example.org
Personal data collected will be used for recruitment purpose only. We are an equal opportunity employer.