Assistant Vice President & Team Head, Cybersecurity Services - CITIC Capital Holdings Limited
7 May, 2020
Key Responsibilities Assist to develop and maintain Cyber Security strategy and program to guard against security exposure and technology risk Strengthen the internet browsing security control to minimize the cyberattack and enhance the data leakage protection for all user’s migration Work closely with various IT teams and TRM to conduct Cyber Security risk assessment, simulated testing and subsequent remediation Lead various cybersecurity related projects including defining project scope, resources allocation, scheduling and technical implementation Develop and maintain information security standard & baseline, and ensure configuration compliance with established standard & baseline by conducting regular re-certification Evaluate, recommend and manage the implementation of all security solution including but not limited to BYOD, DLP, DDoS, Phishing, APT, Cloud, EDR, Anti-malware, etc. Manage and handle the vulnerability assessments / penetration testing for iBanking and other critical systems as per request Develop / optimize the strategy and practice for privileged ID support, key and eCert management Manage and maintain the performance of outsourcing security Vendor (e.g. SOC) Liaise with internal and external audits / reviews on handling the technical response and ensure the remediation work is up to satisfaction in terms of timing and quality Requirements Degree holder in Information Technology or related discipline Min 10 years’ experience in IT and/or Information Security/Technology Risk Management in which at least 5 years in people management authority Obtained Core / Professional level qualification of Relevant Practitioner under HKMA ECF on Cybersecurity Certified in CISSP, CISA, CISM or other recognized certificate is a must ITIL/PMP certification is preferred Certified in CEH, GIAC, CCNP would be an added advantage Knowledge on various platforms’ operation system such as Windows, Unix, Linux. Know-how to detect, investigate and resolve Cyber attacks, and coordinate with law enforcement body or Cyber security protection alliance Familiar with network security products such as Firewall, Router, Switch, DDoS, IDS/IPS, Load-balancer, SSL VPN, End-point protection, DLP and APT solution Familiar with the emerging technology and security standard for VDI, Mobility, Cloud, etc. Familiar with regulatory requirements such as HKMA (TM-E-1, TM-G-1, TM-G-2, SA-2), MAS, PCI-DSS and etc. Experience in handling vulnerability/penetration test service provider and PCI-DSS assessor Possess domain knowledge of retail banking
Founded in 2002, CITIC Capital Holdings Limited ("CITIC Capital") is a global alternative investment management and advisory company. The firm manages over USD22 billion of capital from a diverse group of international institutional investors. Core businesses include Private Equity, Real Estate, Structured Investment and Finance, and Asset Management. CITIC Capital currently employs over 280 staff members throughout its offices in Hong Kong, Shanghai, Beijing, Shenzhen, Tokyo and New York. The firm combines a deep knowledge of the Chinese business and financial markets with world-class investment expertise to create and maximize value for its investors.