Position Summary

• Plan, coordinate and drive information security programs among the teams
• Define a world class information security strategy for GEG, focusing on Attack Mitigation, Incident Detection, Risk Remediation, and etc
• Define and recommend information security policies for approval by management
• Align information security framework with the GEG business strategy and objectives
• Promote information security awareness among the GEG
• Lead Information Security Incident Management Process from identification, analysis, containment, eradication, communication and reporting. Working with internal and external parties to identify the root cause and design the mitigation measures
• Manage information security risk portfolio with IT Risk Compliance Manager, and work with other team to make sure all the risks are properly addressed
• Plan and manage team skills through training and acquisition of new talent where appropriate
• Manage, mentor and inspire the information security team members to deliver high quality results
• Update the management and major stakeholders with latest information security trends, threat, and solutions
• Communication – timely and effective communication with senior management

• Bachelor's degree in computer science, computer engineering, systems analysis, or a related study, or equivalent experience
• 6 or more years of experience in not less than one IT discipline including, but not limited to; application support, application development, data analysis, data center, servers and storage, networking, middleware, database management, IT operations, etc
• Excellent written and verbal communication skills with an excellent ability to communicate in English.  The ability to communicate in Cantonese and/or Mandarin will be an advantage
• Excellent planning and organizational skills
• Excellent interpersonal skills, including teamwork, facilitation and negotiation
• Strong leadership skills
• Excellent analytical and technical skills
• Excellent ability to translate business needs into technical requirements
• Excellent problem solving skills
• Excellent customer service skills
• Excellent knowledge of financial models and budgeting
• Excellent ability to tactfully and positively manage and maintain business relationships
• Have at least 5 years experiences in information security management domains
• CISSP or CISM is a must; CRISC or CISA certifications is an added advantage