Hong Kong Internet Registration Corporation Limited (HKIRC) is a non-profit and non-statutory corporation responsible for the overall administration of “.hk” domain name system, a critical internet infrastructure in Hong Kong.  HKIRC is also responsible for the cooperation with local and international bodies on issues relating to the development and administration of internet domain name systems. We are looking for highly motivated, responsible, independent, and proactive candidates for the post of: Manager (Governance & Security, Information Technology)

Summary:
Responsible for driving the company’s IT governance and security management frameworks and their on-going development. Working on reviewing and improving established IT practices and controls, engaging stakeholders for effective implementation, execution, and continuous improvements.

Responsibilities:

• Establish and maintain IT group policies, standards, and guidelines based on industry best practices, company requirements, and local regulations
• Able to protect sensitive data and information systems while ensuring their confidentiality, integrity and availability 
• Keep abreast of technologies and developments in cyber security and bring in to enhance the company’s system whenever appropriate 
• Regularly review internal policies and global standards (e.g., NIST, ISO 27001, PCI DSS) to ensure ongoing compliance.
• Regularly review ITSM process flows (e.g., ISO20000 or ITIL v4) to ensure ongoing service quality.
• Perform technical risk assessments and information security assessments 
• Assist IT teams in internal and external audits, including pre-audit review, liaison with auditors and stakeholders, and post-audit follow-up
• Conduct technical security assessments on IT and digital initiatives and projects
• Provide awareness training on relevant policies and guidelines
• Explore technical solutions to protect company assets related to information
• Investigate and manage cyber security incidents
• Skillful in utilizing tools and techniques to access the effectiveness of information security measures, identify potential risk exposures and develop corresponding mitigation measures, and conduct post-event reviews of security incidents 
• Deliver trainings or presentations whenever needed  

Requirements:

• Minimum 10 years or more solid experience in IT governance, security, and/or compliance areas in a Non-governmental Organization (NGO), preferably with IT experience in Regional / Global organization. 
• Practical experience in dealing with computer security incidents, security vulnerabilities and intrusion detection systems 
• Practical knowledge in global standards/frameworks, such as NIST, ISO/IEC 27001, ISO20000, PIPL, GDPR, ITILv4 and PCI DSS
• Proactive, strong problem-solving skills and ability to work under pressure
• Possession of related professional certification (e.g. CRISC, CEH, CISA or CISSP, ISO27001 etc.) is an advantage
• Strong project management and organizing skills, certification holder of PMP, PRINCE2, SCRUM and Agile preferred
• Experience in mission critical security solutions and deployments include but not limited to vulnerability scanning, penetration testing, application security testing tools, DNSSEC, SSL / e-Cert, EDR/XDR, IDS/IPS, Load Balancers, Different layers of Firewalls and DLP …etc. is an advantage
• Sound knowledge and passion in learning cyber security technologies and familiarity with domain name registration industry is an advantage
• Strong communication and excellent oral & written report writing & presentation skills in English, Cantonese and Putonghua 
• Excellent interpersonal skills, well organized and team player  

(Less experience would be considering as Assistant manager – e.g. 5-8 Years)

Shuttle buses between Tai Wai, Mei Foo, Tsuen Wan, Tuen Mun, Yuen Long, Kowloon Tong, Olympic, Mongkok, Lam Tin, Yau Tong, Hang Hau, Sheung Wan, Sai Wan, Kennedy Town, Taikoo Shing and Cyberport are available.
 

Attractive remuneration and fringe benefits will be offered to the right candidates. Interested parties please send Resume with Expected Salary (a must) to the Head of HR and Admin by clicking Apply Now.

The employment agreement will be made with Hong Kong Domain Name Registration Company Limited which is a wholly owned subsidiary of HKIRC. Welcome to visit our company web-site www.hkirc.hk for more information.

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the company’s notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.