Information Security Consultant
Hong Kong, CN

RGP is a global consulting firm helping some of the most recognized companies in the world work differently. Our success comes from a shared belief in rolling up our sleeves and doing the hard work of solving complex challenges, executing plans and implementing technology to help transform organizations.

Working as a consultant you will be connected to work that matters, putting your expertise to its best use while developing skills for the future.

The result is a career defined by you, supported by RGP and built on tangible accomplishments.

As we continue to grow and deepen our impact on organizations around the world, we are looking for the right people to join us on our mission.

If you are interested in being part of our team, there are a few things you should know:

  • We are energized by challenges and the effort needed to solve them.
  • We like working with people who are positive, adaptable and growth-minded.
  • We care how work gets accomplished and are deeply invested in the success of our clients and our colleagues.
  • If this sounds like you, we invite you to read on and learn more.


    RGP has a unique consulting model that provides opportunities for consultants to work in different ways. Most consultants work in a model where they have the flexibility and autonomy to choose projects aligning to their experience, skills and desired lifestyle.

    Other opportunities exist in team-based, strategy and solutions work. In all models, you will feel the full support of RGP to assist you in your work and guide you on your chosen path.


    As an Information Security / IT Risk Consultant, you will be responsible for understanding and analyzing a company’s IT requirements and advising on IT security solutions.

    You will assist with the management and supervision of the implementation of solution procedures and change management processes.


  • Respect for people and opinions and confidently offer your point-of-view with clients and among colleagues
  • A drive for proactively cultivating relationships with clients and colleagues
  • Optimism when faced with challenges and complex situations, coupled with the drive to solve client issues
  • Dedication to continuous improvement and development of your skillset and talents
  • A strong personal identification with RGP’s values: loyalty, integrity, focus, enthusiasm, accountability and talent

  • Lead IS Governance and Risk’s continuous process improvement projects such as application security risk assessment and self-assessment processes against IS standards
  • Support requirements gathering and design efforts of critical projects as needed
  • Perform security risk assessments (SRA) according to the SRA framework and IS standards for custom-developed and third-party applications within the existing infrastructure
  • Assist in identifying application control deficiencies as well as the associated risks
  • Document IS risks to identify the relevant impact to enterprise systems, infrastructure and business processes; Develop and maintain process, risk methodologies and SOP documentation
  • Understand and effectively communicate how vulnerabilities can be exploited within technology and the enterprise environment
  • Provide remediation recommendations and / or recommend alternate solutions to resolve gaps against IS Standards
  • Provide security consulting and advisory services to business units and project teams
  • Develop action plans and / or recommend alternate solutions to resolve exceptions to standard operating procedures
  • Research and maintain knowledge base regarding industry frameworks, best practices, information security issues, solutions and potential implications

  • Bachelor Degree in Information Systems or related field or an equivalent combination of education and experience required
  • Minimum 7 to 11 years of hands-on technology risk, security and / or governance experience
  • CISSP, CISA, CISM, CIA or equivalent designation preferred
  • Solid understanding of information security policies, standards, industry best practices, and frameworks (i.e. ISO 27K, NIST 800 series, OWASP, COSO, CoBIT)
  • Solid understanding of application and network security, OSI model, information security architecture and security technologies (i.e. penetration testing tools)

  • Familiarity with common platforms, databases and applications (i.e. Oracle, SAP, web development tools, virtualization, UNIX and Linux)
  • Experience managing and developing baseline security configurations and experience with common industry guidelines (CIS, STIGs, etc.)
  • Experience with common SDLC and / or process improvement methodologies (i.e. Lean, Six Sigma, Agile, etc.)
  • Communicates effectively verbally and in writing, and expresses conclusions and recommendations in a clear, technically sound manner
  • Equal Opportunity Employer: RGP is proud to be an Equal Opportunity Employer.

