Job Purpose
Leads and coordinates audit-related activities, including evidence collection, report generation, and response preparation, ensuring timely and accurate delivery to internal and external auditors. They play a key role in supporting compliance initiatives across cybersecurity, data privacy, and operational risk domains, helping maintain the organization's regulatory and governance posture.
Main Responsibilities Security Policy & Governance
- Develop, implement and maintain policies and procedures in relation to security administration (e.g., identity and access management).
Infrastructure Security & Compliance
- Oversee the security posture of all IT infrastructure components, ensuring full compliance with corporate security policies and industry best practices.
- Extend compliance oversight to IoT devices, including CCTV systems, door access control, and other network-connected physical security technologies.
- Collaborate with facilities and operations teams to integrate physical and digital security controls.
Certificate & Key Management
- Manage the lifecycle of TLS/SSL certificates, including issuance, renewal, revocation, and secure storage.
- Maintain an accurate and up-to-date inventory of encryption keys, ensuring proper rotation and access control.
Audit Support & Compliance
- Lead and coordinate audit-related activities, including evidence collection, report generation, and response drafting.
- Ensure timely and accurate delivery of audit materials to internal and external auditors.
- Support compliance initiatives across cybersecurity, data privacy, and operational risk domains.
Requirements Education and Qualification
- A bachelor's degree / diploma in computer science, information technology, or a related field is often preferred.
- Possess one or more certificates in CISSP / CISA / CISM.
Work Experience
- Minimum 5 years of relevant experience in IT security, infrastructure security, or a similar role.
- Experience in banking industry is preferred.
Technical Skills
- Experience supporting audit and compliance processes (e.g., internal/external audits, regulatory reviews).
- Strong understanding of network and infrastructure security, security policy frameworks and regulatory standards (e.g., ISO 27001, HKMA, SFC).
Personal Skills
- Strong analytical and problem-solving skills.
- Excellent communication and documentation abilities.
- Ability to work independently and in a team-oriented environment.
- Commitment to continuous learning and professional development.
Please note that only shortlisted candidates will be notified.
For application & more information, please log on to
All information received will be kept in strict confidence and only for employment-related purposes.