Senior Analyst (IT Security & Assurance), Information Technology (Multiple Openings)
Hong Kong, Hong Kong

Established in Asia in 2013 with a trailblazer mentality, FWD is the primary insurance business of investment group, Pacific Century Group (PCG), with minority shareholders Swiss Re Group, GIC Ventures, RRJ Capital and Hopu Investments.

FWD spans 10 markets in Asia including Hong Kong SAR & Macau SAR, Thailand, Indonesia, the Philippines, Singapore, Vietnam, Japan, Malaysia and Cambodia.

In Hong Kong, FWD offers life and medical insurance, general insurance, employee benefits, and financial planning. We focus on creating fresh customer experiences and making the insurance journey simpler, faster and smoother, with innovative propositions and easy-to-understand products, supported by digital technology.

Through this customer-led approach, FWD aims to be a leading pan-Asian insurer by changing the way people feel about insurance.

If you are looking for a company where can fuel your inspiration and cultivate your expertise, join us on our exciting journey.

The Job :

IT Security Operations & Engineering stream (2 Openings)

  • Engineer, implement and monitor security measures for the protection of computer systems, networks and information
  • Identify and define system security requirements according to Group's IT security relevant policies and standard
  • Partner with Group, Local counter parties to implement security solution
  • Configure and troubleshoot security detection and protection technologies
  • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
  • Participate in incident handling - identification, containment, eradication, and recovery.
  • IT Audit, Risk & Security Governance stream (1 Opening)

  • Work extensively with Internal / External Audit and Risk Management on IT audit, risk and compliance assessment
  • Engage with all levels of IT staffs to gather information for audit and assessment
  • Tracked the remediation status of audit and assessment observation and recommendation and prepare management reports
  • Work with Group IT Security and Information Risk Management to perform risk assessment
  • Involve in new systems and projects under development as an independent advisor to IT teams and business to ensure security requirements are embedded into BAU processes and IT projects
  • Develop and regularly review policies and procedures regarding IT Security
  • Perform risk assessment and trend analysis to ensure that IT risks are identified, measured, recorded and reported, monitored, and re-mediated timely and within the Company's risk appetite
  • Prepare materials communicating IT security messages and supporting management reporting on security and technology performance
  • Promote IT security awareness and conduct regular training for staff
  • The Person : For both streams :

    For both streams :

  • Degree in Computer Studies, or related disciplines
  • Relevant professional qualifications (e.g. CISA, CISM, and CISSP)
  • At least 6 years of relevant working experience, preferably in banking / insurance industry
  • Committed, proactive, assertive and positive with a can-do attitude
  • Strong team player to collaborate with a diverse team
  • Thrive in a fast-paced environment
  • Fluent in both spoken and written English and Chinese
  • Candidate with less experience will be considered as Analyst
  • IT Security Operations & Engineering specific requirements :

  • Familiar with various security detection and protection technologies and controls such as Firewalls, IPS, WAF, EDR, SIEM, SOAR, DLP, DDoS mitigation, Network Access Control, email security
  • Strong understanding of Cybersecurity architecture and information protection principles
  • Thorough understanding of vulnerabilities management and countermeasures
  • Knowledge in Serverless and micro-service architecture and, Azure Kubernetes Service
  • Knowledge in Information Security Framework, such as ISO 27000, ITIL, COBIT and NIST
  • Familiar with one of the working environments : bash, Csh or PowerShell
  • Hands on experience in SCCM for software deployment will be advantage
  • Candidate who has programming experience will be advantage
  • IT Audit, Risk & Security Governance specific requirements :

  • Strong control mindset on cyber and technology risk matters
  • Able to articulate IT risk in relation to the business
  • Ability to identify and assess complex IT risks and controls
  • Capable of providing effective challenge and advice while maintaining strong, respectful relationships with various parties
  • Familiar with relevant regulatory requirements on technology risk management and cybersecurity relating to Bermuda Monetary Authority (BMA), Insurance Authority (IA), Securities and Futures Commission (SFC) and Monetary Authority of Macao (AMCM)
  • Candidate who has IT Audit or IT Governance, Risk, and Compliance (GRC) experience will be an advantage
  • We offer 5-day work, 20-22 days annual leaves, excellent learning & development opportunities and an attractive package to the right candidate.

    Information collected will be treated in strict confidence and used solely for recruitment purpose. The company will retain all applications no longer than 24 months of which will be destroyed thereafter.

    When there are vacancies in any of our subsidiaries, holding companies, associated or affiliated companies of, or companies controlled by, or under common control with the Company during that period, we may transfer your application to them for consideration of employment.

    We are an equal opportunity employer. We do not discriminate on the basis of race, sex, disability or family status in employment process


    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    通過點擊“繼續”,我允許neuvoo同意處理我的數據並向我發送電子郵件提醒,詳見neuvoo的 隱私政策 。我可以隨時撤回我的同意或退訂。