Key Accountabilities

As the Security Consultant (Security Strategy, Risk and Compliance) you will be the team member the SSRC practice. You will be working on client engagements focused in delivering information security projects related to our Security Strategy, Risk and Compliance (SSRC) practice. Specific responsibilities will include:

• Participate delivery of consultancy assignments in information security projects related to Governance, Risk and Compliance;
• Conduct information security certification audit and consulting projects, such as PCI-DSS audit / consulting, ISO27001 ISMS consulting, Privacy Impact Assessment;
• Perform various types of Cybersecurity risk assessment / consulting project;
• Conduct regulatory compliance assessment / advisory projects on IT perspective, specifically for Hong Kong, Singapore, China and Taiwan;
• Interact with the client’s senior to middle management and provide strategic level advices on the cybersecurity domains;
• Provide consultancy advices to client in closing technology control gaps / vulnerabilities in a practical way;
• Implementing information security policies, procedures, standards, guidelines for clients;
• Support pre-sales activities of the SSRC practice;
• Work with other regional team to improve the SSRC service delivery frameworks.

Experience Skills and Qualifications

As the Security Consultant (Security Strategy, Risk and Compliance) your skills and qualifications will include:

• Possess at least 3 years of working experience related to information security practices
• Requires degree level of education, or significant experience and track record with tertiary qualifications.
• Possess of information security or IT audit certifications, such as CISA/CISM/CRISC/CISSP/CSX
• Holder of security assessor certificates (with good standing) is preferred, such as PCI QSA certification or ISO27001 Lead Auditor
• Experienced in a pre-sales, consulting or equivalent capacity
• Project management experiences is preferred
• Experiences in penetration testing is preferred
• Has experience in technology audit, risk assessment, policy review and control review type of engagement with financial services industry, or other specific industry such as public sector, automotive, pharmaceutical, gaming and entertainment and etc.
• Experiences in handling regulatory requirements on financial services industry, such as HKMA, MAS, SFCHK, PBOC, CBRC, Taiwan FSC and etc.
• Demonstrate excellent skills in structured problem solving techniques, creativity and intelligence in the development of solutions to customer problems
• Be self-motivated and self-disciplined with a demonstrable and successful track record in delivering consultancy projects to all sizes of organizations
• Have good presentation skills with the ability to present to audiences of both business and IT stakeholders
• Have good written communication and report writing skills
• Must be a good team player
• Demonstrate commitment to delivering projects within time and in budget and to a high level of client satisfaction
• Be willing to travel across regions
• Candidates who possess less experience will be considered as Associate Security Consultant (Security Strategy, Risk and Compliance).