Assistant Manager, IT

Where Your Career Takes Flight Airport Authority Hong Kong (AA) manages and operates Hong Kong International Airport, one of the finest and busiest airports in the world.We now invite high calibre talent with creativity and passion to join us for a rewarding and meaningful career journey.We care for our people and provide colleagues with a fair, open and supportive workplace.By joining us, you will contribute to the continued success and growth of a key infrastructure and economic engine of Hong Kong, gaining invaluable experiences in a unique environment and enjoying boundless opportunities to unleash your full potential.Together we will share the pride of our leadership status in the global aviation industry and our commitment to sustainability.This is a fixed-term contract position of minimum 2 years with possibility for renewal subject to organization need and individual performance.Job Description Support for Risk Management for all IT Systems, to ensure compliance with Critical Infrastructure (Cl) Ordinance, best industrial practices, Personally Identifiable Information (PII) requirements for the identified Critical Computer Systems (CCS) and prepare reports for top management approval mandated by Cl ordinance. Lead risk-based assessment, manage the framework and process to ensure the security assessment should be (a) conformance to established policies and guidelines and (b) identify security risks exposure with recommendation for risk mitigation. Maintain up-to-date Risk Register on identified Information Technology/security potential risk and in accordance with Critical Infrastructure (Cl) Ordinance. Prepare and support IT security audit exercise with internal and external parties to fulfill the regulatory requirements of Security Audit (SA). Perform compliance audit and security risk assessment to IT systems.  Also, manage security test exercises, including reviewing the test results, procurement process, vendor management. Provide technical advice on security requirements and recommend the security measures. Manage security related projects including solution design, tender preparation, vendor management, project implementation, with collaboration with various stakeholders. Assist decision making and define security requirements for deploying security technologies. Contribute to various security projects with ability to review and assess the security solution architecture design. Manage and monitor vulnerability management and coordinate with patch management activities with different IT teams for fixing or migration to protect the system and maintain the system's performance and availability. Timely patching to mitigate weak links to explore risks and protect the Authority from cyber threats. Support vulnerability management and scanning cycle of the IT systems and especially on the identified Critical Computer Systems (CSS). Assist in defining the procedures and frameworks for Security Assessment and manage the Threats and Vulnerabilities Management including, vulnerability scanning, analysis of the risk, prioritization and mitigation plan to fulfill the regulatory requirements of Security Risk Assessment (SRA). Maintain and support security awareness initiatives by developing and delivering comprehensive training programs, workshops and cybersecurity drills.  Promote and provide education/training to diverse range IT users, staff on cybersecurity, share the best practices and enhance their awareness of emerging threats and attack vectors. Requirements Degree holder in Information Technology, Computer Science or related disciplines with at least 6 years of IT work experience and with 2 years’ relevant experience focus on IT security/cybersecurity. Professional certifications in Information Security, Cybersecurity Security or Risk Management and/or Compliance is a plus (i.e. Certified Information Systems Auditor (CISA), Certification of Certified Information Security Manager (CISM) / Certified Information Security Professional (CISSP), Certified Information Security Professional(CISP), Certified in Risk and Information Systems Control (CRISC), ISO27001Lead Auditor and etc.) Solid experience and knowledge in IT/Information Security Risk Management in large-scale IT environments Strong knowledge and hands-on experience with security review, assessment and audit. Experience in managing security solutions (e.g. OLP, PAM, Assessment and scanning tools) and security tools such as Nessus, Kyle, Tenable, SonarQube, SIEM, EDR etc. is preferred. Proven experience in security team of companies in the aviation industry, critical infrastructure companies or comparable organizations is an advantage Knowledge in network security such as firewall, network access control, internet security solution, web application and API firewall. Familiarize with operating systems such as Windows, Redhat Linux or OCP/Kubernetes/Cloud Container Platforms, Common IT products such as MS Exchange, Active Directory, EntralD, MySQL, PostgreSQL, VMware and cloud platform such as Azure, AWS, Akamai, Cloudflare, ServiceNow and modern GenAI, Al agents, etc. is preferred Excellent command of spoken and written English and Chinese with knowledge of Putonghua is an advantage