Hong Kong Interbank Clearing Limited

Hong Kong Interbank Clearing Limited (hereinafter referred to as “the Company”) is a private organization jointly owned by the Hong Kong Monetary Authority (HKMA) and The Hong Kong Association of Banks. The Company’s key objective is to develop and operate a safe and efficient multi-currency and multi-dimensional financial infrastructure in Hong Kong for:

• large-value interbank fund transfers denominated in HKD, USD, Euro and RMB; 
• interbank money settlement of equity and debt securities transactions in Hong Kong via the linkages with the Hong Kong Securities Clearing Company Limited and the HKMA’s Central Moneymarkets Unit (CMU) system; 
• small-value interbank fund transfers denominated in HKD and RMB via the HKD and RMB Faster Payment System; and 
• interbank clearing and/or money settlement of retail payments, such as paper cheques, autocredits, credit card payments, etc. in Hong Kong.

The Company is also the operator of the HKMA’s CMU system.

Apart from interbank clearing-and-settlement services, the Company and its subsidiaries also support the HKMA and the financial industry to foster the development of the financial technology (“FinTech”) ecosystem in Hong Kong. 

We are looking for a suitable candidate to take up the following job position.

Specialist I (Information Security)

Major Responsibilities

• Participate in the development and maintenance of corporate-wide information security framework, policy, guideline, standard, and operation procedures with reference to ISO27001 standard and applicable best practices;
• Perform day-to-day security administration and operation including but not limited to management of end users and privileged accounts, keys and certificates, review of security logs, performance of technical vulnerability assessment and penetration testing as well as handling of security incidents, etc.;
• Assess and recommend information security control measures, as well as monitor the implementation for major projects;
• Participate in the implementation of security solutions and infrastructure collaborating with internal teams and external service providers;
• Monitor and analyse security events for detection, investigation and response to potential security issue;
• Maintain and monitor appropriate computer and network access controls, data, and physical security to ensure no security exposure;
• Participate in cyber threat intelligence analysis when required
• Assist to define information security risk indicators; collect, analyse and interpret the corresponding statistics for assisting senior management in overseeing information security risk;
• Identify control gaps, review the residual risk level and make recommendation for risk treatment;
• Interpret security key risk statistics for reporting to senior management on regular basis
• Promote security awareness and ensure compliance with applicable security standards
• Review and make recommendation on using of Open Source Software (OSS) and freeware
• Execute security operation procedures in accordance with the corporate information security policy and guidelines when required
• Keep abreast of technological knowledge in managed area of responsibility, and provide recommendations for adaptation of new security technologies and standard with reference to prevailing industry best practices
• Perform other job duties as assigned by the supervisors

Requirements

• University degree preferably in information technology, information security or related discipline
• Minimum 4 years of experience in information security or related field
• Knowledge in security practices and standards commonly adopted by the banking/financial industry such as the Cyber Resilience Assessment Framework (C-RAF), SWIFT Customer Security Controls Framework (CSCF), ISO27001 standard, etc. is an advantage;
• Team player with sound interpersonal, communication and presentation skills as well as excellent problem solving and analytical skills;
• Holder of security certificates - CRISC, CISA, CISM, CISSP or other equivalent certificates is an advantage
• Experience and knowledge in the area of public and/or private cloud security is an advantage
• Practical experience and knowledge in risk management framework and methodology is desirable
• Experience in working for major financial institutions is preferred but not a must
• Good command of written and spoken English and Chinese
• Willing to work shift duty (evening shift normally from 12:30 to 21:30 with shift duty allowance)
• Candidate from non-financial industries will also be considered
• Candidate with less experience may be considered for appointment as Specialist II (Information Security)

How to Apply

Interested parties please send your curriculum vitae stating your current and expected salaries, and contact phone number to the Human Resources Division, Unit B, 25/F, MG Tower, 133 Hoi Bun Road, Kwun Tong, Kowloon or by clicking the " Apply Now " button below:

All applications and personal information collected will be treated in strict confidence and only be used for the purpose of recruitment and selection.  The information collected will be accessed by our authorized personnel only.  Those applicants not contacted by the Human Resources Division within two months from their application date should consider their applications filed for future reference which will be retained for one year for possible future job matching, and destroyed after the expiry of one year.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.