IT Security Manager (Ref. ITSM)
Information Technology Division
3-year fixed-term contract
We are seeking an experienced and proactive IT Security Manager to lead and enhance our IT governance and cybersecurity framework. The successful candidate will ensure the confidentiality, integrity, and availability of our IT systems and data while continuously improving security measures and compliance with industry best practices and regulatory requirements.
Requirements:
- Degree in Information Technology, Cybersecurity, or Computer Science
- Professional cybersecurity certifications (e.g., CISSP, CISA, CRISC, CEH, ISO 27001) mandatory
- 10+ years of solid experience in IT security, governance, and compliance, preferably in public organisations
- Strong knowledge of cybersecurity frameworks, standards, and regulations (e.g., ISO 27001, NIST, ITIL v4)
- Familiarity with the development and use of Artificial Intelligence (AI) solutions, and related security measures and controls
- Familiarity with Digital Policy Office (DPO) security policies and guidelines (e.g., G3, S17)
- Proven expertise in conducting Security Risk Assessment and Audit (SRAA), Privacy Impact Assessment (PIA), and Personal Compliance Audit (PCA)
- Experience with security tools and technologies, including intrusion detection/prevention, endpoint security, and cloud security solutions
- Experience in IT project management (e.g., PMP, PRINCE2, Agile, SCRUM) is an advantage
- Strong analytical, problem-solving, and communication skills. Proficiency in English and Chinese
Responsibilities:
- Develop and maintain IT security policies, standards, and guidelines. Manage and oversee IT projects
- Strengthen cybersecurity defences, conducting security audits and implementing risk mitigation measures
- Monitor emerging cybersecurity threats and recommend enhancements
- Conduct security assessments, penetration testing, and vulnerability management
- Lead investigations and responses to cybersecurity incidents
- Ensure compliance with DPO security policies and guidelines
- Collaborate with internal stakeholders on IT security requirements
- Advise internal stakeholders on IT security aspects of the Council’s projects, tasks and work
- Deliver security awareness training to employees to promote a strong cybersecurity culture
- Monitor cloud security risks, detect anomalies, and respond to potential threats effectively
- Undertake any additional tasks assigned by the Council or supervisor to support IT security initiatives and organisational objectives
Terms of Appointment & Fringe Benefits
Appointment will be offered on a 3-year fixed-term contract. Fringe benefits include paid leave, medical insurance and MPF.
Application forms are available on the Council’s website https://www.consumer.org.hk/. Interested applicants are invited to apply to the Director of Human Resources by sending the completed application form and a resume together with a cover letter explaining why they consider themselves suitable for the position by 24 March 2025. Applications should be sent by e-mail to recruit@consumer.org.hk. Candidates not invited for interview by the end of July 2025 may assume that their applications are unsuccessful.
The Consumer Council is an Equal Opportunity Employer.
Personal Information Collection Statement
- You must provide the personal data marked as mandatory in the application form. Otherwise, the Council may not be able to process your application.
- The personal data collected during the application process will be used for recruitment of the post, including assessing your application and contacting you, and other directly related purposes. For such purposes, we may disclose your personal data to consultancy firms engaged by the Council and members of an assessment panel to assist in the recruitment.
- Personal data of unsuccessful candidates will be retained for a maximum of 2 years from the closing date of application, after which the data will be destroyed.
- You have the right to request access to and correction of your personal data held by the Council, by submitting your request in writing to the Compliance and Administration Officer at 22/F, K. Wah Centre, 191 Java Road, North Point, Hong Kong. The Council may charge you a fee for the processing of such request.
- Please refer to the Privacy Policy at https://www.consumer.org.hk/en/privacy-policy for more information on the Council’s privacy policies and practices.