Manager, Information Security Administrator

Job Purpose

Leads and coordinates audit-related activities, including evidence collection, report generation, and response preparation, ensuring timely and accurate delivery to internal and external auditors. They play a key role in supporting compliance initiatives across cybersecurity, data privacy, and operational risk domains, helping maintain the organization's regulatory and governance posture.

Main Responsibilities Security Policy & Governance

• Develop, implement and maintain policies and procedures in relation to security administration (e.g., identity and access management).

Infrastructure Security & Compliance

• Oversee the security posture of all IT infrastructure components, ensuring full compliance with corporate security policies and industry best practices.
• Extend compliance oversight to IoT devices, including CCTV systems, door access control, and other network-connected physical security technologies.
• Collaborate with facilities and operations teams to integrate physical and digital security controls.

Certificate & Key Management

• Manage the lifecycle of TLS/SSL certificates, including issuance, renewal, revocation, and secure storage.
• Maintain an accurate and up-to-date inventory of encryption keys, ensuring proper rotation and access control.

Audit Support & Compliance

• Lead and coordinate audit-related activities, including evidence collection, report generation, and response drafting.
• Ensure timely and accurate delivery of audit materials to internal and external auditors.
• Support compliance initiatives across cybersecurity, data privacy, and operational risk domains.

Requirements Education and Qualification

• A bachelor's degree / diploma in computer science, information technology, or a related field is often preferred.
• Possess one or more certificates in CISSP / CISA / CISM.

Work Experience

• Minimum 5 years of relevant experience in IT security, infrastructure security, or a similar role.
• Experience in banking industry is preferred.

Technical Skills

• Experience supporting audit and compliance processes (e.g., internal/external audits, regulatory reviews).
• Strong understanding of network and infrastructure security, security policy frameworks and regulatory standards (e.g., ISO 27001, HKMA, SFC).

Personal Skills

• Strong analytical and problem-solving skills.
• Excellent communication and documentation abilities.
• Ability to work independently and in a team-oriented environment.
• Commitment to continuous learning and professional development.

Please note that only shortlisted candidates will be notified.

For application & more information, please log on to

All information received will be kept in strict confidence and only for employment-related purposes.