- Improve cyber defence capability.
- Improve security monitoring capability.
- Improve security incident response capability.
Anomalous activity and cyber incident detection
- Manage the anomalous activity detection process.
- Assess the monitoring needs and define the monitoring scope and approach.
- Work closely with the Security Operation Center to ensure that the monitoring process is effective.
- Oversee and monitor the activities performed by the Security Operation Center.
- Monitor reported security events to ensure that all events are properly handled.
- Respond to security events escalated from the Security Operation Center and work with the relevant parties to investigate and respond when needed.
- Develop relevant information security metrics to monitor the bank's information security posture and translate them into meaningful insights for senior management.
Cyber incident response and management
- Manage security incidents and develop response plans and playbooks for various attacks and security events.
- Oversee and monitor security incidents to ensure that all identified incidents are managed according to the incident management procedure and response plans.
- Ensure escalation and reporting processes are in place and followed.
- Perform analysis to assess incident impact and determine whether the involvement of external investigators or forensic analysis is required to support the incident investigation.
- Work with external investigators on forensic analysis during cyber and information security incidents.
- Drive the bank's regular incident response drills and exercises in responding to cyber and information security incidents.
Threat monitoring and analysis
- Monitor threat intelligence from various sources to discover emerging cyber threats affecting the bank and customers.
- Perform threat analysis to identify potential security controls, remediation and other security improvements in response to the threats.
- Perform threat hunting, leveraging available indicators of compromise, to identify potential threats that are lurking undetected.
- Share threat intelligence and collaborate with third parties and industry peers.
- Manage the threat and vulnerability management program.
- At least 7 years of experience in information & cyber security from either the banking and finance industry or security consulting with primary focus on Incident Response or Intrusion Detection.
- Solid understanding of incident response, threat modeling and common attack vectors, adversary tactics, techniques and procedures, and the MITRE ATT&CK framework.
- Hands-on experience in using Splunk Enterprise Security, analyzing security logs and network traffic, and identifying and investigating security incidents.
- Prior experience in malware analysis, virus exploitation and mitigation techniques, and digital forensics.
- Understanding of network, desktop and server technologies, network intrusion methods, network containment, segregation techniques, IDS and IPS.
- Degree holder majoring in Computer Science or a related field.
- Relevant certification in information security (e.g., CISSP, CISA or CISM).
A licensed virtual bank in Hong Kong