Assistant Information Technology Managers (Security & Audit) will be mainly responsible for – (a) serving as the technical lead on matters of IT security and collaborating with all levels of IT staff to complete jobs assigned; (b) enforcing the updating and compliance with the best practices, regulations, policies and guidelines on IT security; (c) performing regular security scanning and drills of IT systems, arranging biennial independent security assessment and audit, and enforcing timely completion of security safeguards and handling of security incidents; (d) assisting in implementation, maintenance and administration of security-related and network facilities; (e) arranging regular security management meeting, liaising with external parties in respect of IT security, and documenting security related matters; (f) providing IT support, advisory and training to users; and (g) handling various administrative tasks and other IT-related duties.

(a) Candidates should have – (i) a bachelor’s degree in Computer Science, Information Technology (IT) or related discipline from a Hong Kong university, or equivalent; (ii) met the language proficiency requirements of ‘Level 2’ [Note (1)] or above results in Chinese Language and English Language in the Hong Kong Diploma of Secondary Education Examination (HKDSEE) or the Hong Kong Certificate of Education Examination (HKCEE), or equivalent; (iii) valid certificates of Certified Information Systems Security Professional (CISSP) and/or Certified Information Systems Auditor (CISA), or equivalent; (iv) at least 5 years’ relevant post-qualification full-time IT working experience, of which 2 years must be in a similar post and in a comparable capacity; and (v) at least 4 years’ full-time hands-on experience in IT security management (risk assessment and audit, security document review, security training, implementation of security systems and safeguards, etc.) for the HKSAR Government or other sizable organisations (e.g. with more than 300 employees). (b) Candidates should have knowledge and experience in IT infrastructure, application development, system support and project management. (c) Candidates should be customer-oriented, able to perform under pressure, willing to work after office hours and occasionally working on an on-call basis as required. (d) Candidates who are holders of the following certificates or equivalent will be advantageous – • Projects in Controlled Environments, version 2 (PRINCE2) Professional • Project Management Professional (PMP) • Certified Information System Manager (CISM) • Cisco Certified Network Associate/Professional (CCNA/CCNP) • Microsoft Certified Professional/Solutions Associate of Windows Server • Linux/Unix Certifications (e.g. RHCSA/RHCE/LPIC-1/2) (e) Candidates who have experience in using the following technologies/products will be advantageous – MS Windows operating systems (Windows 7/10, Windows Server 2008/2012), Unix/Linux operating systems (Solaris, HP-UX, Red Hat, Ubuntu, SUSE, Oracle), Apple iOS, Network equipment/technologies (Cisco routers/switches, load balancer, WiFi, IPv6, VPN), Security systems/technologies (firewall, IPS, WAF, PKI, anti-malware, anti-spam, end-point security, mobile device management system, content delivery network), System authentication, management and monitoring tools (LDAP, WSUS, PRTG), Web-related technologies (IIS, Apache, Tomcat, HTML, Javascript, Java), Database management systems (Oracle, MySQL, MS SQL Server, MS Access), IBM Notes and Domino, IP-PBX systems