麻豆传媒

1. Home
2. Career
   • Why the SFC
     • Join us as an experienced professional
     • Join us as an Executive Trainee
     • Join us as an Intern
     • Working at the SFC
     • Core values
     • A socially responsible employer
   • What the SFC does
     • Regulatory objectives
     • Who we regulate
     • How we function
   • Contact us
   • FAQs
3. Why the SFC
   • Join us as an experienced professional
     • Current Openings
   • Join us as an Executive Trainee
   • Join us as an Intern
     • Summer and Winter Internship Programme
     • Sustainable Finance Internship Programme
   • Working at the SFC
   • Core values
   • A socially responsible employer
     • People and the community
     • CSR activities
     • Environmental protection
     • CSR Committee
4. Join us as an experienced professional
   • Current Openings
5. Current Openings
6. Manager / Assistant Manager - Information Technology, Corporate Affairs

Ref.: SFC/M/AM/IT/CA/250905

Duties & Responsibilities:

• Develop and Implement an IT Risk Management Framework: Establish a robust framework encompassing risk identification, assessment, analysis, mitigation, monitoring, and reporting processes.
• Conduct IT Risk Assessments: Perform regular IT risk assessments to identify and develop risk mitigation strategies to address identified risks of critical systems and infrastructure.
• Act as a Subject Matter Expert:  Assist business units and cross-functional teams in identifying and mitigating technology risks, and develop the cloud and data security strategy.
• Ensure Compliance with Regulations: Ensure compliance with relevant regulations, ISO audit and industry security best practices.
• Manage Third-Party Risk: Assess and manage information risks associated with third-party vendors and service providers.
• Incident Response Analysis: Conduct security incident analysis to identify the root cause of security incidents and provide a mitigation strategy in the event of a security incident.
  

Requirements:

• Degree holder in Computer Science or other degree majoring in Information Systems, or related discipline.
• Minimum 10 years of experience in IT security, technology risk, risk management, system development, system management, compliance or IT audit function.
• Familiar with relevant regulations and industry stands including ISO 27001 and NIST Cybersecurity Framework.
• Familiar with cloud security solutions, SIEM and vulnerability scanners.
• Demonstrated experience working with the regulators and external auditors.
• Holding at least one recognized professional qualification such as CISA, CISSP, CISM, cloud security engineer is preferable.
• Good communication and interpersonal skills.
• Independent, strong self-initiative and with passion in information security and cyber security professional.
  

Please quote the reference and apply by 19 September 2025 with details of qualifications, previous experience, current and expected salary to:

Recruitment Manager
麻豆传媒 & Futures Commission
54/F, One Island East,
18 Westlands Road, Quarry Bay, Hong Kong
(E-mail address : ca_recruit@sfc.hk)

All applications will be handled in strict confidence by authorised personnel and will only be used for recruitment related purposes. Applicants who do not hear from us within six months from the application deadline may consider their applications as unsuccessful. All information on unsuccessful candidates will be destroyed after six months.

We are an EQUAL OPPORTUNITY EMPLOYER.

Last update: 5 Sep 2025