Manager, Information Security

John Swire & Sons (H.K.) Limited

A highly diversified, global corporation, the Swire group's businesses encompass property, aviation, beverages and food chain, as well as marine and trading and industrial activities. Its core businesses are mainly focused on Asia, with its key operations in Hong Kong and the Chinese mainland. The Swire group's businesses in Asia are held by the listed company, Swire Pacific Limited.

John Swire & Sons (H.K.) Limited is the holding company of the publicly-listed conglomerate, Swire Pacific Limited. Our IT & Digital Department is now inviting candidates to apply for the following positions:

Manager, Information Security

The role would define strategic roadmap, policies and procedures to achieve optimal level of IT risk management and security. The job holder would also enhance the overall resilience of the company against territory-wide cyber attacks and maintain IT Risk Registry.

Responsibilities: 

• Conduct regular risk and security maturity assessment, maintain IT risk registry, and formulate regular work plan to mitigate risk and ensure security compliance.
• Develop security operation model and team structure, and evaluate appropriate solutions for integration
• Monitor budget and deliver IT risk reduction and  security projects. Manage day-to-day operations on security incidents, vulnerabilities reduction and exemptions
• Recommend security requirements for IT & Business project implementation, and mediations based on compliance results
• Provide technical advice on solution implementation & operations, e.g., security management, system software obsolescence, disaster recovery, business continuity planning etc. 
• Monitor IT risk and security operations regularly, and manage outsourced SOC and any security outbreak
• Work closely with the group on security awareness promotion and work on IT risk & security related user communications 

To be successful in this role, you must have:

• A Bachelor’s degree in Computer Science, Information Technology or related discipline
• At least 8 years of experience in IT infrastructure projects and operations, with at least 3 years in Information Security and team leadership experience
• Professional qualifications such as CISSP, CISA, CISM or CEH would be desirable
• Solid experience in IT governance, risk and compliance management, and security solutions planning, evaluation and roll-out
• Hands-on experience in security monitoring and operation e.g. Vulnerability Scanning, DLP/EDR, NGFW, IDS/IPS, CASB, WAF, Privileged Access Management, SIEM, SOC/SOAR, Active Directory Security
• Strong understanding of NIST CSF, SANS, CIS, ISO27001 or related security frameworks
• Experience in Cloud Security, such as Azure Security, AWS Security, Microsoft 365 Security would be advantageous
• Excellent communication skills in both written and spoken English and Chinese. Fluent Putonghua is desirable

Application:
At Swire, we are committed to creating an inclusive and supportive working environment for all our people regardless of their age, gender, gender identity, sexual orientation, relationship, family status, disability, race, ethnicity, nationality, religious or political beliefs. We believe in creating an environment where people feel comfortable at work and are able to realise their full potential.

We offer a competitive package to the right candidate. If you meet the qualifications and are interested in this position, you can send your application by clicking ‘Apply Now’. We will contact all shortlisted candidates.

The Swire group is an equal opportunity employer. All applications received will be used exclusively for selection purposes and handled confidentially by authorised personnel only. Your application may also be considered for other suitable positions within the Swire group (please indicate clearly on your application if you would not like to be considered for other positions within the group.) Following data privacy ordinance, all unsuccessful applications will be destroyed after an appropriate time.