Role:
The Contract Senior Technical Specialist plays a critical role in managing different tasks related to the Protection of Critical Infrastructures (Computer Systems) Ordinance, safeguarding the company's critical systems. This role involves leading efforts to implement and maintain cybersecurity controls aligned with the CI Ordinance requirements, alongside vulnerability management, security engineering, incident response and other cyber operations. The specialist will act as a key liaison point for the Ordinance, working closely with internal teams and external parties to uphold the organization's security posture as best practice and regulatory obligations.
Responsibilities:
- Manage the tasks related to Protection of Critical Infrastructures (Computer Systems) Ordinance, including implementation of required cybersecurity measures and reporting.
- Develop, implement, and maintain security controls and procedures to meet the Ordinance requirements across IT and OT environments.
- Conduct vulnerability assessments and manage remediation efforts as part of the broader cybersecurity program.
- Design, build and maintain systems that protect the company from cyber attack
- Perform regular security reviews related to the Ordinance and other relevant security standards and regulations.
- Collaborate with cross-functional teams to integrate the Ordinance's requirements into IT and OT system design and operations.
- Stay informed of updates to the Ordinance and related regulatory frameworks, ensuring timely adaptation of security practices.
- Support incident response activities with incident response team, including coordination with regulatory bodies as required under the Ordinance.
Job Requirements:
- Degree holder or above in Computer Science / Information Technology / Engineering or related disciplines.
- Minimum of 5 years with hands on technical experience in IT or OT Cyber Security roles.
- Knowledge of the Protection of Critical Infrastructures (Computer Systems) Ordinance, Code of Practice and its cybersecurity requirements is essential.
- Proven experience in vulnerability management, security monitoring, incident response or regulation compliance.
- Solid experience in Windows Server system, Linux systems, Virtual Machine, Network administration and monitoring is a definite advantage.
- Familiarity with industrial control system protocols such as Modbus, DNP3, ProfiNet is advantageous.
- Solid understanding of IT security principles, threat monitoring, incident response, and security control implementation.
- Excellent problem-solving, analytical and interpersonal skills.
- Ability to work independently and collaboratively across teams and with external regulators.
- Fluent in spoken and written English; proficiency in spoken and written Chinese (Putonghua and Simplified Chinese) is advantageous.
