Job title: Information Security Assistant Manager / Senior Officer
Job type: Permanent
Emp type: Full-time
Industry: Retail
Salary type: Annual
Salary: negotiable
Location: Hong Kong, Hong Kong SAR
Job published: 2025-02-10
Job ID: 93351
Contact name: Gloria Ho
Phone number: +85239150224
Contact email: gloria.ho@linksinternational.com

Job Description

  • Oversee Information Security Management by addressing threats and incidents, and driving effective remediation efforts.
  • Collaborate with the Legal team to identify and implement compliance actions for information management and protection laws and regulations.
  • Monitor, track, and manage internal and external compliance requirements (e.g., PCI, Data Privacy) to ensure adherence to established policies, procedures, standards, baselines, and controls.
  • Develop and maintain a comprehensive information management and protection framework to support a robust company-wide governance program.
  • Lead information security awareness initiatives and provide training to all employees.
  • Offer guidance and support to employees through training programs that foster a culture of security and promote best practices within the organization.
  • Manage daily security operations, including conducting vendor and privacy security assessments, enforcing company policies, and communicating updates related to the information security program.
  • Support and align with Information Security requirements across various business units.
  • Collaborate with local ISO members in different regions as part of a regional ISO team.
  • Respond to security incidents involving personal or confidential information, system breaches, local employee data leaks, and physical security breaches.
  • Oversee security for warehouse networks, systems, and physical environments.

Requirements:

  • 4-5 years’ experience in a cybersecurity role, particularly in incident response and information security government policy.
  • A degree in IT, Security, Computer Science, or a related field.
  • Solid knowledge and experience in information risk assessment and compliance requirements.
  • Familiarity with information security frameworks and applicable laws, regulations, and standards related to security and data privacy.
  • Strong understanding of information security governance frameworks such as ISO 27001 and ISO 27701, NIST CSF, etc.
  • Preferred experience in conducting risk analysis for cyber threats.
  • Relevant technical or security certifications are a plus (e.g., CISA, CISM, CISSP, SANS, GIAC).
  • Proficiency with common security platforms, including Microsoft Office 365 and networking solutions.
  • Experience in developing and enforcing security policies and procedures.
  • Exceptional communication skills to articulate complex security concepts to both technical and non-technical audiences.
  • A proactive and adaptable approach, with a commitment to staying informed about emerging threats and technologies.
  • Fluency in English and Chinese (Cantonese and Putonghua) is required.