Cybersecurity Specialist (Financial Services Consulting)

In your role as a Cybersecurity Specialist, you will:

• Provide expert advice on security frameworks and best practices. Develop and implement cybersecurity strategies tailored to financial institutes and collaborate with clients to enhance their cyber security posture and compliance with regulations.
• Conduct risk assessments, vulnerability analyses, penetration testing and/or attack simulation to identify potential threats.
• Monitor and respond to security incidents, ensuring rapid remediation.
• Stay updated on emerging threats, technologies, and regulatory changes. Conduct training and awareness programs for clients and internal teams.
• Prepare and present reports on cyber security status and improvements.
• Conduct detailed penetration tests and vulnerability assessments across various IT systems within financial institutions, including but not limited to systems handling virtual assets.
• Develop security testing plans that are tailored not only to traditional financial systems but also to emerging technologies associated with virtual assets, such as blockchain.
• Collaborate with clients to assess and enhance their cybersecurity measures, with a particular focus on technologies involved in the management and transaction of virtual assets.
• Perform IT and security assessments based on regulatory requirements from bodies such as HKMA, SFC etc., ensuring compliance while addressing specific security concerns.
• Engage directly with client stakeholders, providing clear communication regarding security vulnerabilities, implications, and strategic recommendations.
• Maintain up-to-date knowledge of the latest cybersecurity threats, regulatory changes, and advancements in technology impacting both traditional financial services and the virtual assets sector.
  
   

• A bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field.
• 2-5 years of experience in cybersecurity, advantage with specific expertise in penetration testing and/ or simulation attacks. Candidate with more experiences will be considered for a senior role.
• Experience with Big4 or similar consulting firms. Experience in virtual assets, blockchain technology, or related fields is highly preferred.
• Relevant industry certification such as CISM, CISSP. Additional certifications in cybersecurity or blockchain technology, such as OSCP, OSCE, OSEE, GPEN, CREST, are advantageous.
• Demonstrated ability to think analytically and solve complex problems.
• Excellent interpersonal and communication skills, capable of engaging effectively with both technical and non-technical stakeholders.
• Proficiency in English; fluency in Cantonese and Putonghua is highly preferred.
• Advanced skills in report writing and the creation of professional, insightful presentations and reports.
• Familiar with security standard references such as OWASP, SANS, NIST.
• Knowledge and experience of security testing methods and techniques, including network, operating system and application system configuration review and internal/external penetration testing.
• Knowledge and experience in web and mobile application security review and testing are desirable.
   

What we offer

We recognise that rewards are important to you. On top of the basic salary you will be receiving, we offer a range of staff caring benefits and policies including medical and dental insurance, life insurance, a 5-day working week, discretionary performance bonus, birthday leave, and marriage leave. Please apply with a detailed resume, contact numbers, current salary, expected salary, and availability in strict confidence.

All applications received will be used strictly for selection purpose only.