Established in Asia in 2013 with a trailblazer mentality, FWD is the primary insurance business of investment group, Pacific Century Group (PCG), with minority shareholders Swiss Re Group, GIC Ventures, RRJ Capital and Hopu Investments.
FWD spans 10 markets in Asia including Hong Kong SAR & Macau SAR, Thailand, Indonesia, the Philippines, Singapore, Vietnam, Japan, Malaysia and Cambodia.
In Hong Kong, FWD offers life and medical insurance, general insurance, employee benefits, and financial planning. We focus on creating fresh customer experiences and making the insurance journey simpler, faster and smoother, with innovative propositions and easy-to-understand products, supported by digital technology.
Through this customer-led approach, FWD aims to be a leading pan-Asian insurer by changing the way people feel about insurance.
If you are looking for a company where can fuel your inspiration and cultivate your expertise, join us on our exciting journey.
The Job :
IT Security Operations & Engineering stream (2 Openings)
Engineer, implement and monitor security measures for the protection of computer systems, networks and information
Identify and define system security requirements according to Group's IT security relevant policies and standard
Partner with Group, Local counter parties to implement security solution
Configure and troubleshoot security detection and protection technologies
Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
Participate in incident handling - identification, containment, eradication, and recovery.
IT Audit, Risk & Security Governance stream (1 Opening)
Work extensively with Internal / External Audit and Risk Management on IT audit, risk and compliance assessment
Engage with all levels of IT staffs to gather information for audit and assessment
Tracked the remediation status of audit and assessment observation and recommendation and prepare management reports
Work with Group IT Security and Information Risk Management to perform risk assessment
Involve in new systems and projects under development as an independent advisor to IT teams and business to ensure security requirements are embedded into BAU processes and IT projects
Develop and regularly review policies and procedures regarding IT Security
Perform risk assessment and trend analysis to ensure that IT risks are identified, measured, recorded and reported, monitored, and re-mediated timely and within the Company's risk appetite
Prepare materials communicating IT security messages and supporting management reporting on security and technology performance
Promote IT security awareness and conduct regular training for staff
The Person : For both streams :
For both streams :
Degree in Computer Studies, or related disciplines
Relevant professional qualifications (e.g. CISA, CISM, and CISSP)
At least 6 years of relevant working experience, preferably in banking / insurance industry
Committed, proactive, assertive and positive with a can-do attitude
Strong team player to collaborate with a diverse team
Thrive in a fast-paced environment
Fluent in both spoken and written English and Chinese
Candidate with less experience will be considered as Analyst
IT Security Operations & Engineering specific requirements :
Familiar with various security detection and protection technologies and controls such as Firewalls, IPS, WAF, EDR, SIEM, SOAR, DLP, DDoS mitigation, Network Access Control, email security
Strong understanding of Cybersecurity architecture and information protection principles
Thorough understanding of vulnerabilities management and countermeasures
Knowledge in Serverless and micro-service architecture and, Azure Kubernetes Service
Knowledge in Information Security Framework, such as ISO 27000, ITIL, COBIT and NIST
Familiar with one of the working environments : bash, Csh or PowerShell
Hands on experience in SCCM for software deployment will be advantage
Candidate who has programming experience will be advantage
IT Audit, Risk & Security Governance specific requirements :
Strong control mindset on cyber and technology risk matters
Able to articulate IT risk in relation to the business
Ability to identify and assess complex IT risks and controls
Capable of providing effective challenge and advice while maintaining strong, respectful relationships with various parties
Familiar with relevant regulatory requirements on technology risk management and cybersecurity relating to Bermuda Monetary Authority (BMA), Insurance Authority (IA), Securities and Futures Commission (SFC) and Monetary Authority of Macao (AMCM)
Candidate who has IT Audit or IT Governance, Risk, and Compliance (GRC) experience will be an advantage
We offer 5-day work, 20-22 days annual leaves, excellent learning & development opportunities and an attractive package to the right candidate.
Information collected will be treated in strict confidence and used solely for recruitment purpose. The company will retain all applications no longer than 24 months of which will be destroyed thereafter.
When there are vacancies in any of our subsidiaries, holding companies, associated or affiliated companies of, or companies controlled by, or under common control with the Company during that period, we may transfer your application to them for consideration of employment.
We are an equal opportunity employer. We do not discriminate on the basis of race, sex, disability or family status in employment process