Manager, Information Security Administrator

Job Purpose

Leads and coordinates audit-related activities, including evidence collection, report generation, and response preparation, ensuring timely and accurate delivery to internal and external auditors. They play a key role in supporting compliance initiatives across cybersecurity, data privacy, and operational risk domains, helping maintain the organization's regulatory and governance posture.

Main Responsibilities

Security Policy & Governance:

• Develop, implement and maintain policies and procedures in relation to security administration (e.g., identity and access management).  

Infrastructure Security & Compliance:

• Oversee the security posture of all IT infrastructure components, ensuring full compliance with corporate security policies and industry best practices.
• Extend compliance oversight to IoT devices, including CCTV systems, door access control, and other network-connected physical security technologies.
• Collaborate with facilities and operations teams to integrate physical and digital security controls. 

Certificate & Key Management:

• Manage the lifecycle of TLS/SSL certificates, including issuance, renewal, revocation, and secure storage.
• Maintain an accurate and up-to-date inventory of encryption keys, ensuring proper rotation and access control. 

Audit Support & Compliance:

• Lead and coordinate audit-related activities, including evidence collection, report generation, and response drafting.
• Ensure timely and accurate delivery of audit materials to internal and external auditors.
• Support compliance initiatives across cybersecurity, data privacy, and operational risk domains.

Requirements

Education And Qualification:

• A bachelor's degree / diploma in computer science, information technology, or a related field is often preferred.
• Possess one or more certificates in CISSP / CISA / CISM.

Work Experience:

• Minimum 5 years of relevant experience in IT security, infrastructure security, or a similar role.
• Experience in banking industry is preferred. 

Technical Skills:

• Experience supporting audit and compliance processes (e.g., internal/external audits, regulatory reviews).
• Strong understanding of network and infrastructure security, security policy frameworks and regulatory standards (e.g., ISO 27001, HKMA, SFC).

Personal Skills:

• Strong analytical and problem-solving skills.
• Excellent communication and documentation abilities.
• Ability to work independently and in a team-oriented environment.
• Commitment to continuous learning and professional development.