Senior Manager - Cybersecurity

EDPS Systems Limited - Hong Kong - Full time

Salary: HK$70k - HK$90k

Our client is hiring a Senior Manager - Cybersecurity to join them due to expansion.

The successful candidate will serve as the primary oversight point for third-party contractors' cybersecurity operations, acting as the internal team's strategic liaison and control mechanism. You will ensure contractors adhere to contractual obligations, regulatory requirements, and industry best practices while continuously protecting the firm against evolving cyber threats.

This is a hands-on, operationally focused role requiring deep contractor management expertise, technical security acumen, and proven ability to drive security governance across multiple technology and service provider domains.

Key Accountabilities

  1. Oversee and evaluate the contractors' cybersecurity operations, including 24x7 security monitoring, threat detection capabilities, and incident response readiness.
  2. Ensure the contractors' implementation of multi-layered data protection, encryption standards, and secure handling of confidential information complies with government policies and regulatory requirements.
  3. Validate that contractor-managed security controls operate effectively and are properly configured.
  4. Collaborate with contractors and cross-functional teams to implement projects and system enhancements that mitigate security risks and address vulnerabilities.
  5. Manage working relationships with contractors.
  6. Review contractors' security policies, procedures, and technical controls against MPFA guidelines, Digital Policy Office (DPO) requirements, PDPO, ISO 27001, NIST Cybersecurity Framework, and international best practices.
  7. Lead and drive cybersecurity initiatives, enhance proactive threat management, and strengthen the organization's security.
  8. Oversee the monitoring of Contractor performance in cyber security detection and respond to potential security incidents promptly.
  9. Develop strategic security enhancements to improve platform resilience against emerging threats.
  10. Drive security-focused initiatives to enhance the platform cybersecurity framework.
  11. Design and implement advanced security tools and frameworks, including Threat modeling, Zero Trust modeling, Cyber Architecture and Threat Intelligence Platform.
  12. Hands-on experience in identifying risks, implementing security enhancements, and collaborating with contractors and technology risk management team to ensure compliance with international cybersecurity standards and frameworks.
  13. Lead cybersecurity exercises such as penetration testing and Red Team / Blue Team / Purple Team simulations to test and strengthen defenses.
  14. Prepare detailed reports, presentation slides, and insights for senior executives to support informed decision-making.

Skills and Qualifications

  1. Degree holder in Computer Science, Information Security, Cybersecurity, or related discipline.
  2. Relevant security management and IT audit qualifications or certifications (preferred), e.g., CISA, CISM, CISSP, CRISC or equivalent.
  3. Minimum 7-10 years or more of relevant experience in multiple areas in:
     - Cybersecurity operations and management.
     - Information security risk management.
     - Managed Security Services Provider (MSSP) oversight and management.
     - IT security architecture or enterprise security.
     - Working within regulated industries (financial services, government, or utilities preferred).

Technical Knowledge & Skills:

  1. SIEM platforms (operational knowledge and interpretation).
  2. Firewalls and Next-Generation Firewalls (NGFW).
  3. Web Application Firewalls (WAF).
  4. Database Firewalls.
  5. Endpoint Detection & Response (EDR) and Antivirus solutions.
  6. Extended Detection & Response (XDR); Security Orchestration, Automation & Response (SOAR); User and Entity Behaviour Analytics (UEBA).
  7. Identity & Access Management (IAM) systems and Intune.
  8. API security and Kubernetes (K8S) security principles.
  9. Threat Vulnerability Management (TVM).
  10. Private Cloud security.
  11. Experience with threat intelligence platforms.
  12. Zero Trust security models and modern security architecture.
  13. Proven knowledge of securing private cloud environments.
  14. Knowledge of AI security is an advantage.

Regulatory & Compliance Knowledge:

  1. Personal Data Protection Ordinance (PDPO) – Hong Kong specific.
  2. ISO 27001 / ISO 27002 standards.
  3. NIST Cybersecurity Framework.
  4. Critical Infrastructure Protection (CIP) principles.
  5. Digital Policy Office (DPO) guidelines (Hong Kong).
  6. Cybersecurity law in China.

Managed Third-Party Vendor Management:

  1. Proven ability to manage Third-Party Services Providers.
  2. Experience with Cybersecurity posture reporting, monitoring, and enforcement.
  3. Contract compliance verification and audit support.

Soft Skills:

  1. Excellent written and verbal communication skills in both Chinese and English.
  2. Ability to present technical security concepts to non-technical stakeholders and senior management.
  3. Strong stakeholder and relationship management abilities.
  4. Independent, yet a good team player, with strong market sense in the cyber industry and analytical thinking.
  5. Keen and willing to work with the flexibility the role requires and the level of change involved.

Application

Please submit your resume along with your current and expected salary. Personal data collected will be treated confidentially for recruitment purposes. Candidates not invited for an interview within six weeks may consider their application unsuccessful.

Equal Opportunity Statement

We are an equal opportunity employer and welcome applications from all qualified candidates. Personal data collected will be handled confidentially by authorized personnel for recruitment-related purposes.

Address

Room 1202, 12/F, Harcourt House, 39 Gloucester Road, Wan Chai, Hong Kong

Contact Number

2835 9688

Website

www.edps.com.hk
