Job Description:

• Develop and implement group-wide cybersecurity policies and standards.
• Monitor and analyze security events and suspicious activities periodically.
• Lead security acceptance tests and exposure risk assessments.
• Innovate and evolve intelligence cyber security to enhance operational efficiency and security protection
• Explore, evaluate and recommend security tools and technologies to enhance the organization’s defense posture
• Developing and delivering cybersecurity awareness programs for employees
• Implement and maintain security controls to protect IT environments.
• Communicate with engagement teams to manage security dispensation registries.
• Conduct security incident drills and vulnerability scans periodically.
• Conduct ongoing research on emerging threats and vulnerabilities to inform proactive defense strategies
• Maintain detailed logs and reports of security incidents and response actions
• Provide recommendations for security exemptions for management review.
• Govern compliance with group policies and regulatory requirements.
• Lead third-party resources and contractors effectively.
• Maintain and operate security monitoring and penetration testing tools.
• Develop processes for security incident response and handling.
• Perform other tasks assigned by superiors.
• Receive calls from company users and process cases based on support flow


Job Requirement:

• Bachelor's degree or above, with a preference for relevant qualifications in Computer Science, Electrical/Electronic Engineering, Information Technology or Cyber Security
• Preference for relevant professional qualifications/certificates in CISSP / CISP / CCNA / GCIH / CEH /CISA
• Minimum of 3 years of relevant work experience in Information Technology
• Understanding of current and emerging cyber threats, including malware, phishing, ransomware, DDoS, MITM attacks, and zero-day exploits
• Understanding of Familiarity with NIST, ISO/IEC 27001, CIS Controls, and other industry-recognized security frameworks and standard
• Firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and secure network architecture.
• Data encryption, access control mechanisms, and secure data handling practices
• Antivirus solutions, endpoint detection and response, secure coding practices, and application vulnerability management
• Securing cloud environments, including identity management, encryption, and compliance controls
• Role-based access control, multi-factor authentication, and user provisioning/de-provisioning
• Knowledge of detect, analyze, and respond to security incidents with Security Information and Event Management platforms, log analysis tools and forensic tools
• Knowledge of vulnerability scanning tools and remediation strategies; ability to assess and prioritize risks
• Understanding of data protection laws and regulations (e.g., GDPR, PCI-DSS, local Macao regulations) and how they apply to enterprise environments
• Ability to draft, review, and enforce cybersecurity policies and procedures across the organization
• Deliver cybersecurity awareness programs to internal company
• Skills in documenting incidents, creating reports, and presenting findings to technical and non-technical audiences
• Fluent in spoken and written Cantonese, Mandarin & English


Interested parties, please apply via:
• Email the detailed resume to careers@sjmresorts.com
• Hotline 8297 0979 / 8297 0969