As a member of the IS&T Planning & Governance team, the Assistant Manager is responsible for assisting to measure and monitoring of IT risk and compliance in order to protect of GEG's information assets. He/she will work under the supervision and guidance from the Manager to provide support to the development, management and implementation of corporate-wide information security controls.
Primary Responsibility• Assist in design and review the relevant governance & compliance areas in the IS&T Solution Assessment (ISA) process to ensure the alignment with IT standard, governance framework, policies and regulatory requirements.
• Provide coordination support for on-going internal/external audits activities including government regulation
• Provide support for information security systems and programs including data protection, risk management and compliance
• Assist in managing remediation planning and implementation status in conjunction with audit findings
• Assist in providing continuous improvements to strengthen the efficiency of internal process and controls.
• Assist in development and maintain IT policies guidelines and standard operation procedures
• Assist in building and maintain sustainable relationships with IS&T teams to ensure the security controls are properly understood and implemented.
• Assist in building and promoting Information Security training and Awareness Programme.
• Assist in building automated solutions to expedite the lifecycle of internal and external audit processes end-to-end.
• Conduct reviews and compliance checks for IT processes to ensure compliance and effectiveness.
• Coordinate with various IS&T departments to integrate IT governance practices into daily operations.
• Coach junior team members and transfer necessary skills to them for further career development.
• Bachelor's degree in computer science, computer engineering, systems analysis, or a related study, or equivalent experience.
• 4 or more years of experience in not less than one IT discipline including, but not limited to; application support, application development, data analysis, data center, servers and storage, networking, middleware, database management, IT operations, etc.
• Excellent written and verbal communication skills with a strong ability to communicate in English. The ability to communicate in Cantonese and/or Mandarin will be an advantage.
• Strong planning and organizational skills.
• Strong interpersonal skills, including teamwork, facilitation and negotiation.
• Good leadership skills.
• Strong analytical and technical skills.
• Strong ability to translate business needs into technical requirements.
• Strong problem solving skills.
• Strong customer service skills.
• Good knowledge of financial models and budgeting.
• Good ability to tactfully and positively manage and maintain business relationships.
• Minimum 2 years of experiences in information security management domains.
• CISSP or CISM, CRISC or CISA certifications is an added advantage.