Project Nature:
IT projects and on-going support for a statutory body, Auxiliary Medical Service (AMS) and Civil Aid Service (CAS) on IT security related matters.
Duties:
- Serve a contract assignment under InfoTech's headcount, seconded full-time to serve a statutory body:
- Enhance, support and monitor suspicious events of IT security infrastructure including but not limited to end-point protection solution, end-point / network detection and response system (EDR/NDR), web application firewall (WAF), privileged account management system (PAM), centralised log management system, security information and event management system (SIEM), mobile device management system (MDM), web filtering system, patch management system, etc.;
- Manage the security aspects of network infrastructure including network appliances and firewalls;
- Manage security matters including configuration and hardening of servers and network appliances, and make recommendations on application / program hardening;
- Serve as security administrator in IT security organisations including the Information Security Steering Committee and IT Security Management Unit to provide updates on all IT security related matters;
- Spell out, monitor and ensure necessary technical IT security controls are in place and functional throughout system development life-cycle and on-going system operations, in particular in the areas of access control, operations security, system acquisition / development / maintenance, business continuity, etc. Assist in user acceptance planning and execution in IT security perspectives. Ensure quality procedures, techniques and tools are used;
- Review system development project deliverables, documentation and operating procedures, identify IT security shortfalls and recommend improvements;
- Review and update the departmental IT security policies and guidelines according to the latest changes in Government-wide baseline or ad hoc circulars, and provide recommendations to plug the compliance gaps;
- Coordinate application and infrastructure teams to produce and maintain IT security related system documentation including capacity management plan, up-to-date hardware and software list, configuration and network diagrams, etc.;
- Monitor software end-of-support, produce migration plan, and ensure on-time completion of associated measures;
- Identify new threats and known vulnerabilities, perform risk assessments to determine mitigation approach, update security risk register, ensure on-time completion of mitigation measures and reporting to supervisory bodies;
- Conduct in-house IT security risk assessment and IT security awareness training, and manage IT security risk assessment and audit (SRAA) exercises, privacy impact assessments (PIA), as well as compliance audits/checks by external parties;
- Provide first-line support for security incidents and coordinate disaster recovery drills and security incident drills;
- Assist in procurement, setup, maintenance and support of IT equipment and services underpinning the security tools;
- Provide technical advice to support the latest IT security and business requirements;
- Engage and collaborate with stakeholders to meet business objectives;
- Carry out other technical and administrative duties assigned by the supervisor.
- On-site or remote support out of office hours is required when necessary, which will be compensated by time-off in lieu.
Requirements:
- Degree in computer subjects or related disciplines;
- At least one of the industry-recognised IT security certifications (e.g. CISA, CISSP, CISP, etc.);
- Hands-on experience in technical support for IT security infrastructure and network equipment (e.g. Cisco, H3C, Huawei, etc.);
- Hands-on experience in IT security design, implementation and operations in application system development projects, preferably using the Government Cloud Infrastructure Services (GCIS);
- Experience in the technology and security risks of cloud-native applications running in a virtualised and/or containerized environment;
- Experience in compliance of government IT security policies and guidelines (e.g. S17, G3, SRAA, PIA), preferably for Tier 2 or Tier 3 systems;
- Good command of written and spoken English and Chinese;
- Good communication skills and customer service skills;
- Independent, self-motivated and good sense of responsibility; and
- Pleasant personality and good interpersonal skills.
- The appointed staff will work mainly in Admiralty, Yau Ma Tei and Ho Man Tin, and may need to work in Wanchai, North Point, Kwun Tong, Cheung Sha Wan, Kowloon Bay and Sha Tau Kok when necessary.
Technical Skills:
- At least 4 years' experience in IT Security (ITS);
- At least 3 years' experience in Network & System Management (NSM);
- At least 3 years' experience in Anti-Virus Technology (AVT);
- At least 2 years' experience in Intruder Detection/Alert Technology (IDA);
- At least 2 years' experience in Security Risk Assessment and Audit (SAA);
- At least 2 years' experience in Security Incident Detection and Handling (SDH);
- At least 2 years' experience in IT Security Scanning Tools (SST);
- At least 1 year's experience in Endpoint Security Solutions (ESS);
- 1 year's experience in Anti-Spam Technology (AST) is an advantage;
- 1 year's experience in CISCO IOS Software & CISCO Products (CIP) is an advantage;
- 1 year's experience in Intrusion Prevention System (IPS) is an advantage;
- 1 year's experience in PC LAN Support (PLS) is an advantage.
Non-technical Skills:
- At least 2 years' experience in customer service (CLS);
- At least 2 years' experience in IT audit (ITA);
- At least 1 year's experience in managing corporate IT security framework (CSF);
- At least 1 year's experience in working with the Government (GOV);
- 1 year's experience in managing Government IT standards (ITG) is an advantage.
Bachelor's degree/Higher Diploma in Computer Science, IT or equivalent;
At least 6 years' post-qualification experience, of which at least 3 years must be relevant experience in a similar post and in a comparable capacity.
Direct Line for this post: (852) 3978 8032