Consultant / Mgr Cyber Security \u0026 IT Risk

Job description

Responsibilities

- Provide industry-specific information security resolutions and related advisory services and offer advisory services related to IT risk management
- Provide overall solutions related to information security, including but not limited to information security management and technology architecture planning, establishment of information security management systems, information security management and technology assessment, and information security metrics. Based on the internal and external challenges faced by customers, conduct risk assessments, analyse and design information security development plans and implementation paths, and assist customers with implementation and results assessment
- Provide advisory services related to IT risk management; based on customers' demands, conduct system assessment and optimisation, establish IT risk management systems, assess IT risk management, provide IT audit, compliance assessment, involving IT governance, IT risk management, system development and maintenance, information security, data security and business continuity
- Provide customers with bespoke technical advisory services related to information security and IT risk
- Project management: manage projects related to information security and IT risk management

Qualifications

- Bachelor degree and above, major in information system, computer science, information management and statistics will be preferred
- At least 3-5 years of experience in information security and IT risk management; experience in the financial industry is an advantage
- Accreditations such as CISSP, CISA, CISM, ITIL, ISO27001 LA are a plus
- Familiar with security configuration such as operating systems, databases and middleware, with professional skills in system security development, vulnerability scanning and penetration testing
- A deep understanding of relevant laws and regulations, regulatory provisions, international standards related to information security, including the Internet Security Law, ISO27000 as well as regulatory regimes implemented by the CBRC and the CIRC
- Strong learning ability, good logical thinking, and excellent verbal / written communication skills
- Passionate, ambitious, able to work under pressure, and with a strong sense of responsibility and innovative spirit

职位描述

- 负责提供行业相关的信息安全整体解决方案和咨询服务，以及提供IT风险管理相关咨询服务
- 负责提供围绕信息安全的整体解决方案，包括但不限于信息安全管理和技术架构规划、信息安全管理体系建设、信息安全管理和技术评估、信息安全度量等。从客户面临的内外部挑战，开展风险评估，分析和设计信息安全发展规划和实施路径，协助客户进行落地实施，以及开展效果后评估
- 负责提供IT风险管理咨询服务，基于客户需求，开展系统建设评估和优化、信息科技风险管理体系建设、信息科技风险管理评估、IT审计、合规遵从性评估等，涉及领域包括IT治理、IT风险管理、系统开发、系统运维、信息安全、数据安全、业务连续性等
- 负责灵活运用专业能力和方法，为客户提供定制化的信息安全与IT风险技术咨询服务

任职要求

- 本科及以上学历，信息系统、计算机科学、信息管理、统计学相关专业优先
- 3-5年及以上信息安全和IT风险管理工作经验，金融行业从业经验优先考虑
- 具有CISSP、CISA、CISM、ITIL、ISO27001 LA等相关资质优先考虑
- 熟悉操作系统、数据库、中间件等安全配置，熟悉系统安全开发过程，熟悉漏洞扫描和应用渗透测试等各项专业技能
- 熟悉信息安全相关法律法规、监管条文、国际标准，包括网络安全法、ISO27000、等级保护等相关标准，以及银保监会等监管制度

We offer successful candidates an attractive remuneration package and the opportunity to work in a dynamic and exciting environment.

Personal data collected will be used for recruitment purposes only.

© 2019 KPMG, a Hong Kong partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ('KPMG International'), a Swiss entity. All rights reserved. *LI