About The Hongkong and Shanghai Hotels, Limited
The Hongkong and Shanghai Hotels, Limited (HSH) is a luxury hospitality and real estate group incorporated in 1866 and listed on the Hong Kong Stock Exchange (00045). It owns and operates some of the world’s finest hotel properties under The Peninsula brand. The company has ten operational Peninsula hotels in exceptional city centre locations in Asia, US and Europe, with a further three under development in London, Istanbul and Yangon. The company owns a total portfolio of HK$45 billion in assets (US$5.8 billion), comprising a small number of ultra-luxury hotels, strategic real estate assets and tourism assets, including The Peak Tram – one of Hong Kong’s most popular tourist attractions. HSH businesses are grouped under three divisions: hotels, commercial properties and clubs and services.
Senior Manager, IT Security and Risk
Reports to the Group General Manager, Information Technology, this position is responsible for the implementation, operation and overall management of IT Information Security. This includes the development and implementation of a comprehensive information security and data protection program, technology refresh for information security controls, user education and training, compliance and enforcement, incident response and investigation, risk assessment, and contribution to disaster recovery planning.
In this role, you will:
be responsible for system and data protection for all operations in the technology risk management area and oversee the implementation of it relevant policies and procedures in all locations
be in charge of key security programs including Fraud Prevention & Detection, Security Incident Response and Security Investigations, 3rd Party Vendor Risk Assessments, Cyber Security Response Plan etc
enforce security policies and procedures by development, administering and monitoring security profiles, reviewing security violation reports and investigating possible security exceptions
identify and report technology risks and develop appropriate risk mitigation plans for deployment readiness
plan and implement strategic change initiatives required for the Group to physical meet IT policies and procedures and ensure these are implemented and well maintained around the Group
design, conduct and manage security assessments, responsible for promoting and facilitating activities to create information security awareness within the Group
keep abreast of current security threats and stay current with security technology evolution
If you have:
5-8 years IT related experience with specialized knowledge of IT security policies, standards and operating procedures in large global organizations relating to information security risk
University degree in Computer Science/Information Technology or related disciplines
Knowledgeable on technology risk management process and tools
Familiar with security technologies, such as threat management, network security, access control, cryptography, database security, vulnerability scanning etc
Fluency in English, spoken and written
A self-starter, resilient, focussing on delivering services and results over a global time clock
Willing to travel
tell us about yourself.
Personal data collected will be used for recruitment purposes only.
Applicants who do not hear from us within one month may consider their application unsuccessful.
Personal data of an unsuccessful applicant will be destroyed within six months.